Windows Analysis Report
WIN_DCA_2.4.0.10654_sursvc_qh.msi

Overview

General Information

Sample name: WIN_DCA_2.4.0.10654_sursvc_qh.msi
Analysis ID: 1426571
MD5: b9f88ef2f1b7956089e35f6762bbc494
SHA1: 420fa60ca04273bfba651402ebd1c60eba856114
SHA256: 3327e76ccdbb5b796da1ed96009345d60904f94102609854a2894439b0c711fc

Detection

Score: 26
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

.NET source code contains very large strings
Sample is not signed and drops a device driver
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
  • System is w10x64
  • msiexec.exe (PID: 7616 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\WIN_DCA_2.4.0.10654_sursvc_qh.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7660 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7880 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding F1C809FEE972ABEAE39BB6DC6996D99E MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7972 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 594B08B14BB53DA353B7B8C7CFA5C9EA MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 8040 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 848F5E5D5CCFC7A033F45D33B8DB52E8 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • cmd.exe (PID: 8076 cmdline: "C:\Windows\system32\cmd.exe" /c cd "C:\Program Files\Intel\SUR\QUEENCREEK\" && if exist SurSvc.exe (start /b /wait /d "C:\Program Files\Intel\SUR\QUEENCREEK\" SurSvc.exe /uninstall) MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 8084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 8124 cmdline: "C:\Windows\system32\cmd.exe" /c if exist "%PROGRAMDATA%\\Intel\\SharedData\\SDID" (del /f "%PROGRAMDATA%\\Intel\\SharedData\\SDID") MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 8132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 8188 cmdline: "CMD" /C RMDIR /S /Q "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\" && RMDIR /S /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • icacls.exe (PID: 7220 cmdline: "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R MD5: 48C87E3B3003A2413D6399EA77707F5D)
        • conhost.exe (PID: 7204 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • SurConsent.exe (PID: 7188 cmdline: "C:\Program Files\Intel\SUR\ICIP\SurConsent.exe" -install MD5: 4F9C3DB6545E8D95517692A8ACEEA351)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: C:\Windows\System32\msiexec.exe
Directory created:
  • C:\Program Files\Intel
  • C:\Program Files\Intel\SUR
  • C:\Program Files\Intel\SUR\ICIP
  • C:\Program Files\Intel\SUR\QUEENCREEK
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\base_library.zip
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\cacert.pem
  • C:\Program Files\Intel\SUR\ICIP\Config.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config.ini
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config_api.ini
  • C:\Program Files\Intel\SUR\ICIP\SurConsent.exe
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_decimal.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_elementtree.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_watcher_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\etw_options_config.txt
  • C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\IntelFgndAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\DriverDetection.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_hw_config.txt
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\PhatAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\HWPowerStatsTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link_helper.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\TextExtractorAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\WifiAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_os_counters.txt
  • C:\Program Files\Intel\SUR\QUEENCREEK\DttEtlAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.inf
  • C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\FPSAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_options.txt
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_daq.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\libcrypto-3-x64.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_crashlog_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\EntityFramework.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.cat
  • C:\Program Files\Intel\SUR\QUEENCREEK\LICENSE.txt
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.cat
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_thread_monitor.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sur_sysprep.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\apptable.csv
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_security.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\HeartBeatAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\analyzer.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\NetworkBandwidthAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_desktop_mapper_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys
  • C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sys
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
  • C:\Program Files\Intel\SUR\QUEENCREEK\policy.json
  • C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\HWMetaTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll.config
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\SleepStudyAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe.config
  • C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
  • C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\FgndBackgrndAppsAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_eqs.txt
  • C:\Program Files\Intel\SUR\QUEENCREEK\OSSystemAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_phat_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_csme_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\EventLogCollection.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.exe
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_display_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.inf
  • C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_etw_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\lookup.zip
  • C:\Program Files\Intel\SUR\QUEENCREEK\GenericSqlATLSupport.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_audio_input.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\SystemUsageByFgndAppAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\ProcessAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll.config
  • C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll.config
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_extractor.exe
  • C:\Program Files\Intel\SUR\QUEENCREEK\UserWaitTimeAnalyzerTask.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.EF6.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\installer.bat
  • C:\Program Files\Intel\SUR\QUEENCREEK\x64\process_input_options.txt
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libcrypto-3.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libffi-8.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libssl-3.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\licenses.txt
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\logging_config.json
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_lzma.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\perfmon.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pyexpat.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\python311.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pythoncom311.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pywintypes311.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_queue.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\ScheduleUpdates.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\servicemanager.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\shell_executor.exe
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64\UpdateServiceProxy64.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\VCRUNTIME140.dll
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32api.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32event.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32evtlog.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32file.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32inet.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32pipe.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32process.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32profile.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32security.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32service.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\_win32sysloader.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32trace.pyd
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32ts.pyd

Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe
Directory created:
  • C:\Program Files\Intel\SUR\ICIP\SURV8_ICIP.log

Source: C:\Windows\System32\msiexec.exe
File created:
  • C:\Program Files\Intel\SUR\QUEENCREEK\LICENSE.txt
  • C:\Program Files\Intel\SUR\QUEENCREEK\Updater\licenses.txt

Source: Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: VCRUNTIME140.dll.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\wixca.pdb0 source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI234B.tmp.1.dr, MSI231B.tmp.1.dr, MSI227E.tmp.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_multiprocessing.pdb source: _multiprocessing.pyd.1.dr
Source: Binary string: D:\a\1\b\libssl-3.pdbFF source: libssl-3.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_svc\esrv_svc.pdbNN,NGCTL source: esrv_svc.exe.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_user_waiting\intel_user_waiting_input.pdb** source: intel_user_waiting_input.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32ts.pdb source: win32ts.pyd.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: libcrypto-3.dll.1.dr, libcrypto-3-x64.dll.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_ssl.pdb source: _ssl.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32trace.pdb source: win32trace.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_lib\esrv_lib.pdb source: esrv_lib.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_user_waiting\intel_user_waiting_input.pdb source: intel_user_waiting_input.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\intel_sur_sysprep\intel_sur_sysprep.pdb source: intel_sur_sysprep.dll.1.dr
Source: Binary string: c:\ium\dev\installer\custom_action\SetPermissions\SetPermissions.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI231B.tmp.1.dr
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb source: System.Data.SQLite.EF6.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_foreground_window\intel_foreground_window_input.pdb source: intel_foreground_window_input.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_os\intel_os_input.pdb++ source: intel_os_input.dll.1.dr
Source: Binary string: C:\ium\dev\installer\custom_action\SetEulaStatus\SetEulaStatus.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI231B.tmp.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_lib\esrv_lib.pdb11 source: esrv_lib.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32event.pdb source: win32event.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_hw\intel_hw_input.pdb source: intel_hw_input.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32profile.pdb source: win32profile.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\pywintypes.pdb source: pywintypes311.dll.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x64\wixca.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI2513.tmp.1.dr, MSI235C.tmp.1.dr, MSI231B.tmp.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\productivity_link\productivity_link.pdb source: productivity_link.dll.1.dr
Source: Binary string: D:\a\1\b\bin\win32\unicodedata.pdb source: unicodedata.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\pywintypes.pdb** source: pywintypes311.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32api.pdb source: win32api.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_os\intel_os_input.pdb source: intel_os_input.dll.1.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_hw\intel_hw_input.pdb44 source: intel_hw_input.dll.1.dr
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb$ source: System.Data.SQLite.EF6.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\productivity_link_helper\productivity_link_helper.pdb source: productivity_link_helper.dll.1.dr
Source: Binary string: C:\ium\client\installer\custom_action\UpgradeEvidence\UpgradeEvidence.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI231B.tmp.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\wixca.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI234B.tmp.1.dr, MSI231B.tmp.1.dr, MSI227E.tmp.1.dr
Source: Binary string: c:\VagrantDir\ium-client-mst\installer\custom_action\ScheduleUpdates\ScheduleUpdates.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI231B.tmp.1.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI38D0.tmp.1.dr, MSI25D0.tmp.1.dr, MSI26AC.tmp.1.dr, MSI231B.tmp.1.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: libcrypto-3.dll.1.dr
Source: Binary string: e:\build_agent\workspace\laternrock_crashlog-win_main\Src\bin\x64\Release Static\crashlog_extractor.pdb source: crashlog_extractor.exe.1.dr
Source: Binary string: R:\sqlite\sqlite3.pdb source: sqlite3.dll.1.dr
Source: Binary string: C:\github\dca\openssl\libcrypto-3-x64.pdb source: libcrypto-3-x64.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_svc\esrv_svc.pdb source: esrv_svc.exe.1.dr
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: System.Data.SQLite.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32security.pdb source: win32security.pyd.1.dr
Source: Binary string: e:\build_agent\workspace\laternrock_crashlog-win_main\Src\bin\x64\Release Static\crashlog_extractor.pdb2 source: crashlog_extractor.exe.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_foreground_window\intel_foreground_window_input.pdb++ source: intel_foreground_window_input.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32file.pdb source: win32file.pyd.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\perfmon.pdb source: perfmon.pyd.1.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: libssl-3.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb source: msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\System32\msiexec.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Code function: 4x nop then jmp 00007FFD9B4109FFh 16_2_00007FFD9B4109C7
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Code function: 4x nop then jmp 00007FFD9B411162h 16_2_00007FFD9B4110C5

System Summary

Source: ProcessAnalyzerTask.dll.1.dr, ProcessAnalyzerTask.cs Long String: Length: 10957
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\5c1378.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI21C1.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI226E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI227E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{4DF8D37E-055A-49B8-9317-305ECD1B9D1F}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI231B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI234B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI235C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI24C4.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2513.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI25D0.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI26AC.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI271A.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI27B7.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2855.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\Registry
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\downloads
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\history
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\update_events
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\persisted_updates
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\captured_logs
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI38D0.tmp
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI21C1.tmp
Source: DSADcaIntegration.dll.1.dr Static PE information: No import functions for PE file found
Source: WIN_DCA_2.4.0.10654_sursvc_qh.msi Binary or memory string: OriginalFilenameuica.dll\ vs WIN_DCA_2.4.0.10654_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10654_sursvc_qh.msi Binary or memory string: OriginalFilenamewixca.dll\ vs WIN_DCA_2.4.0.10654_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10654_sursvc_qh.msi Binary or memory string: OriginalFilenameServiceO.dll\ vs WIN_DCA_2.4.0.10654_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10654_sursvc_qh.msi Binary or memory string: OriginalFilenameScheduleUpdates.dll` vs WIN_DCA_2.4.0.10654_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10654_sursvc_qh.msi Binary or memory string: OriginalFilenamewixca.dllL vs WIN_DCA_2.4.0.10654_sursvc_qh.msi
Source: GenericSqlATLSupport.dll.1.dr, GenericSQLAnalyzerTask.cs Task registration methods: 'CreateValidSessionTableAndAnalysisInterval'
Source: DSADcaIntegration.dll.1.dr, FileSystemController.cs Security API names: System.IO.FileInfo.GetAccessControl()
Source: DSADcaIntegration.dll.1.dr, FileSystemController.cs Security API names: System.IO.DirectoryInfo.GetAccessControl()
Source: DSADcaIntegration.dll.1.dr, FileSystemController.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.GetAccessRules(bool, bool, System.Type)
Source: DSADcaIntegration.dll.1.dr, FileSystemController.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.SecurityIdentifier)
Source: DSADcaIntegration.dll.1.dr, FileSystemSafetyController.cs Security API names: Directory.GetAccessControl
Source: DSADcaIntegration.dll.1.dr, FileSystemSafetyController.cs Security API names: Directory.GetAccessControl(directory).GetAccessRules
Source: DSADcaIntegration.dll.1.dr, FileSystemSafetyController.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
Source: classification engine Classification label: sus26.evad.winMSI@22/178@0/0
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8084:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7204:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8132:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7292:120:WilError_03
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DFE2BAD0F3398D8842.TMP
Source: C:\Windows\System32\msiexec.exe File read: C:\Windows\win.ini
Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: sqlite3.dll.1.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: sqlite3.dll.1.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: DisplayStateAnalyzerTask.dll.1.dr Binary or memory string: create table display_state_summary (measurement_time datetime, state varchar(255), session_id int, datatype int);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: BrowserHistoryAnalyzerTask.dll.1.dr Binary or memory string: create table if not exists visits(id INT, url INT, visit_time INT, from_visit INT, transition INT, segment_id INT, visit_duration INT, incremented_omnibox_typed_score NUM, user_key_idc_session_id INT); oError occured while merging browser history databases:
Source: WIN_DCA_2.4.0.10654_sursvc_qh.msi Static file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\WIN_DCA_2.4.0.10654_sursvc_qh.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F1C809FEE972ABEAE39BB6DC6996D99E
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 594B08B14BB53DA353B7B8C7CFA5C9EA
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 848F5E5D5CCFC7A033F45D33B8DB52E8 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c cd "C:\Program Files\Intel\SUR\QUEENCREEK\" && if exist SurSvc.exe (start /b /wait /d "C:\Program Files\Intel\SUR\QUEENCREEK\" SurSvc.exe /uninstall)
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c if exist "%PROGRAMDATA%\\Intel\\SharedData\\SDID" (del /f "%PROGRAMDATA%\\Intel\\SharedData\\SDID")
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe "CMD" /C RMDIR /S /Q "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\" && RMDIR /S /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\icacls.exe "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R
Source: C:\Windows\System32\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe "C:\Program Files\Intel\SUR\ICIP\SurConsent.exe" -install
Source: C:\Windows\System32\msiexec.exe File written: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config.ini
Source: C:\Windows\System32\msiexec.exe Automated click: Next
Source: C:\Windows\System32\msiexec.exe Automated click: I accept the terms in the License Agreement
Source: C:\Windows\System32\msiexec.exe Automated click: Next
Source: C:\Windows\System32\msiexec.exe Automated click: Install
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\ICIP
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\base_library.zip
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\cacert.pem
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\ICIP\Config.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config.ini
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config_api.ini
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_decimal.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_elementtree.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_watcher_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\etw_options_config.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\IntelFgndAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DriverDetection.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_hw_config.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\PhatAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\HWPowerStatsTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link_helper.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\TextExtractorAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\WifiAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_os_counters.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DttEtlAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\FPSAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_options.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_daq.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\libcrypto-3-x64.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_crashlog_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\EntityFramework.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\LICENSE.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_thread_monitor.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sur_sysprep.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\apptable.csv
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_security.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\HeartBeatAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\analyzer.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\NetworkBandwidthAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_desktop_mapper_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\policy.json
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\HWMetaTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll.config
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SleepStudyAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe.config
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\FgndBackgrndAppsAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_eqs.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\OSSystemAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_phat_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_csme_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\EventLogCollection.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_display_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_etw_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\lookup.zip
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\GenericSqlATLSupport.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_audio_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemUsageByFgndAppAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\ProcessAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll.config
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll.config
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_extractor.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\UserWaitTimeAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.EF6.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\installer.bat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\process_input_options.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libcrypto-3.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libffi-8.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libssl-3.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\licenses.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\logging_config.json
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_lzma.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\perfmon.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pyexpat.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\python311.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pythoncom311.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pywintypes311.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_queue.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\ScheduleUpdates.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\servicemanager.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\shell_executor.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64\UpdateServiceProxy64.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\VCRUNTIME140.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32api.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32event.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32evtlog.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32file.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32inet.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32pipe.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32process.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32profile.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32security.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32service.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\_win32sysloader.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32trace.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32ts.pyd
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Directory created: C:\Program Files\Intel\SUR\ICIP\SURV8_ICIP.log
Source: WIN_DCA_2.4.0.10654_sursvc_qh.msi Static file information: File size 24236032 > 1048576
Source: Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: VCRUNTIME140.dll.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\wixca.pdb0 source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI234B.tmp.1.dr, MSI231B.tmp.1.dr, MSI227E.tmp.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_multiprocessing.pdb source: _multiprocessing.pyd.1.dr
Source: Binary string: D:\a\1\b\libssl-3.pdbFF source: libssl-3.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_svc\esrv_svc.pdbNN,NGCTL source: esrv_svc.exe.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_user_waiting\intel_user_waiting_input.pdb** source: intel_user_waiting_input.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32ts.pdb source: win32ts.pyd.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: libcrypto-3.dll.1.dr, libcrypto-3-x64.dll.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_ssl.pdb source: _ssl.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32trace.pdb source: win32trace.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_lib\esrv_lib.pdb source: esrv_lib.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_user_waiting\intel_user_waiting_input.pdb source: intel_user_waiting_input.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\intel_sur_sysprep\intel_sur_sysprep.pdb source: intel_sur_sysprep.dll.1.dr
Source: Binary string: c:\ium\dev\installer\custom_action\SetPermissions\SetPermissions.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI231B.tmp.1.dr
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb source: System.Data.SQLite.EF6.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_foreground_window\intel_foreground_window_input.pdb source: intel_foreground_window_input.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_os\intel_os_input.pdb++ source: intel_os_input.dll.1.dr
Source: Binary string: C:\ium\dev\installer\custom_action\SetEulaStatus\SetEulaStatus.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI231B.tmp.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_lib\esrv_lib.pdb11 source: esrv_lib.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32event.pdb source: win32event.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_hw\intel_hw_input.pdb source: intel_hw_input.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32profile.pdb source: win32profile.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\pywintypes.pdb source: pywintypes311.dll.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x64\wixca.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI2513.tmp.1.dr, MSI235C.tmp.1.dr, MSI231B.tmp.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\productivity_link\productivity_link.pdb source: productivity_link.dll.1.dr
Source: Binary string: D:\a\1\b\bin\win32\unicodedata.pdb source: unicodedata.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\pywintypes.pdb** source: pywintypes311.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32api.pdb source: win32api.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_os\intel_os_input.pdb source: intel_os_input.dll.1.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_hw\intel_hw_input.pdb44 source: intel_hw_input.dll.1.dr
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb$ source: System.Data.SQLite.EF6.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\productivity_link_helper\productivity_link_helper.pdb source: productivity_link_helper.dll.1.dr
Source: Binary string: C:\ium\client\installer\custom_action\UpgradeEvidence\UpgradeEvidence.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI231B.tmp.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\wixca.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI234B.tmp.1.dr, MSI231B.tmp.1.dr, MSI227E.tmp.1.dr
Source: Binary string: c:\VagrantDir\ium-client-mst\installer\custom_action\ScheduleUpdates\ScheduleUpdates.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI231B.tmp.1.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: WIN_DCA_2.4.0.10654_sursvc_qh.msi, MSI38D0.tmp.1.dr, MSI25D0.tmp.1.dr, MSI26AC.tmp.1.dr, MSI231B.tmp.1.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: libcrypto-3.dll.1.dr
Source: Binary string: e:\build_agent\workspace\laternrock_crashlog-win_main\Src\bin\x64\Release Static\crashlog_extractor.pdb source: crashlog_extractor.exe.1.dr
Source: Binary string: R:\sqlite\sqlite3.pdb source: sqlite3.dll.1.dr
Source: Binary string: C:\github\dca\openssl\libcrypto-3-x64.pdb source: libcrypto-3-x64.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_svc\esrv_svc.pdb source: esrv_svc.exe.1.dr
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: System.Data.SQLite.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32security.pdb source: win32security.pyd.1.dr
Source: Binary string: e:\build_agent\workspace\laternrock_crashlog-win_main\Src\bin\x64\Release Static\crashlog_extractor.pdb2 source: crashlog_extractor.exe.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_foreground_window\intel_foreground_window_input.pdb++ source: intel_foreground_window_input.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32file.pdb source: win32file.pyd.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\perfmon.pdb source: perfmon.pyd.1.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: libssl-3.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb source: msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: DSADcaIntegration.dll.1.dr | Static PE information: 0xB9BEFE61 [Mon Oct 1 07:25:21 2068 UTC]
Source: IntelSoftwareAssetManagerService.exe.1.dr | Static PE information: real checksum: 0x4f104b should be: 0x4e7d4b
Source: crashlog_extractor.exe.1.dr | Static PE information: section name: _RDATA
Source: libcrypto-3.dll.1.dr | Static PE information: section name: .00cfg
Source: libssl-3.dll.1.dr | Static PE information: section name: .00cfg
Source: python311.dll.1.dr | Static PE information: section name: PyRuntim
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe | Code function: 16_2_00007FFD9B418CB5 push eax; iretd 16_2_00007FFD9B418CCD
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe | Code function: 16_2_00007FFD9B418C95 push eax; iretd 16_2_00007FFD9B418CCD

Persistence and Installation Behavior

Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sysJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sysJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI227E.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\EntityFramework.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\shell_executor.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\DriverDetection.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\PhatAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\TextExtractorAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI24C4.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32service.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pythoncom311.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_queue.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemUsageByFgndAppAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link_helper.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\VCRUNTIME140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pywintypes311.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32evtlog.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\EventLogCollection.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\OSSystemAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\analyzer.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI226E.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\HeartBeatAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\HWMetaTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\WifiAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32inet.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\ScheduleUpdates.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_desktop_mapper_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\IntelFgndAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI26AC.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_daq.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32security.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_phat_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pyexpat.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32process.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\FPSAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libcrypto-3.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\SleepStudyAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32event.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_security.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_extractor.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_elementtree.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\DttEtlAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\UserWaitTimeAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI25D0.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\ProcessAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_watcher_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Common.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI271A.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32api.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_csme_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI27B7.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\servicemanager.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI21C1.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libffi-8.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Config.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32file.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32profile.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libssl-3.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI38D0.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\ICIP\Config.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sur_sysprep.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_decimal.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\libcrypto-3-x64.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI234B.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_audio_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_etw_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\E73D8FD4A5508B94397103E5DCB1D9F1\2.4.10654\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_thread_monitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\FgndBackgrndAppsAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_display_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.EF6.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32ts.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64\UpdateServiceProxy64.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\_win32sysloader.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\GenericSqlATLSupport.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_lzma.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2855.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI235C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_crashlog_input.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\HWPowerStatsTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\python311.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32trace.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\perfmon.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32pipe.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2513.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\NetworkBandwidthAnalyzerTask.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\LICENSE.txtJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\licenses.txtJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\icacls.exe "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: esrv_svc.exe.1.dr, Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe, Memory allocated: 16C77C80000 memory reserve | memory write watch
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe, Memory allocated: 16C796F0000 memory reserve | memory write watch
Source: C:\Windows\System32\msiexec.exe, File Volume queried: C:\ FullSizeInformation
Source: esrv_svc.exe.1.dr; Binary or memory string: VMware-
Source: esrv_svc.exe.1.dr; Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe; Memory allocated: page read and write | page guard
Source: C:\Windows\System32\msiexec.exe; Process created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe "C:\Program Files\Intel\SUR\ICIP\SurConsent.exe" -install
Source: C:\Windows\SysWOW64\msiexec.exe; Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c cd "C:\Program Files\Intel\SUR\QUEENCREEK\" && if exist SurSvc.exe (start /b /wait /d "C:\Program Files\Intel\SUR\QUEENCREEK\" SurSvc.exe /uninstall)
Source: C:\Windows\SysWOW64\msiexec.exe; Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c if exist "%PROGRAMDATA%\\Intel\\SharedData\\SDID" (del /f "%PROGRAMDATA%\\Intel\\SharedData\\SDID")
Source: C:\Windows\SysWOW64\msiexec.exe; Process created: C:\Windows\SysWOW64\cmd.exe "CMD" /C RMDIR /S /Q "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\" && RMDIR /S /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\"
Source: C:\Windows\SysWOW64\msiexec.exe; Process created: C:\Windows\System32\icacls.exe "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R
Source: C:\Windows\System32\msiexec.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe; Queries volume information: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe VolumeInformation
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe; Queries volume information: C:\Program Files\Intel\SUR\ICIP\Config.dll VolumeInformation
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe; Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\System32\msiexec.exe; Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Scheduled Task/Job | 1 Windows Service | 1 Windows Service | 32 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scheduled Task/Job | 11 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Services File Permissions Weakness | 1 Scheduled Task/Job | 11 Disable or Modify Tools | Security Account Manager | 11 Peripheral Device Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | 1 DLL Side-Loading | 1 Services File Permissions Weakness | 11 Process Injection | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 DLL Side-Loading | 2 Obfuscated Files or Information | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Services File Permissions Weakness | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 File Deletion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph. ID: 1426571; Sample: WIN_DCA_2.4.0.10654_sursvc_qh.msi; Startdate: 16/04/2024; Architecture: WINDOWS; Score: 26. Signatures shown: "Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)", ".NET source code contains very large strings", "Sample is not signed and drops a device driver". Processes shown: msiexec.exe, SurConsent.exe, cmd.exe, icacls.exe, conhost.exe. Files dropped by msiexec.exe: C:\Program Files\Intel\...\semav6msr64.sys (PE32+), C:\Program Files\Intel\SUR\...\bertreader.sys (PE32+), C:\Windows\Installer\MSI38D0.tmp (PE32), 139 other files (none is malicious).]

Source | Detection | Scanner | Label | Link
WIN_DCA_2.4.0.10654_sursvc_qh.msi | 0% | ReversingLabs | |
WIN_DCA_2.4.0.10654_sursvc_qh.msi | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Program Files\Intel\SUR\ICIP\Config.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\ICIP\Config.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\ICIP\SurConsent.exe | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\ICIP\SurConsent.exe | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll | 0% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
fp2e7a.wpc.phicdn.net | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
No contacted IP infos
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1426571
Start date and time: 2024-04-16 10:35:27 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 52s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 19
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: WIN_DCA_2.4.0.10654_sursvc_qh.msi
Detection: SUS
Classification: sus26.evad.winMSI@22/178@0/0
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 7
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .msi
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ocsp.edge.digicert.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtSetInformationFile calls found.
No simulations
No context
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):39425
                                                                                                    Entropy (8bit):5.696773356678574
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:kZkXiYyJWI+ByNtLuxvzvb7JGAPjvZQWR9wmSbpeIdJwGKQCEQVIFlC7qBrVw2l9:akXiYyJWI+ByNtLuxvzvbtGAPjvZQWR4
                                                                                                    MD5:A9377A14C626E3D0EDE83EA1DE67B753
                                                                                                    SHA1:6684E1ACC770FC0DE2AF00BCDDAADD0FE9EF2AA0
                                                                                                    SHA-256:FAEF264D053EEF7E56F2B1837BD86F2049783F99C0065B48DF86A2A44B1DFDEA
                                                                                                    SHA-512:D2ED3D06253C352B7367F4620304E8564F16E20C16340DD720A83FC22A146953C2500A3834116983AC151EEFEDEF28F1E846C7EA84439142D94D2FB8A8A5B0F5
                                                                                                    Malicious:false
                                                                                                    Preview:...@IXOS.@.....@.T.X.@.....@.....@.....@.....@.....@......&.{4DF8D37E-055A-49B8-9317-305ECD1B9D1F}&.Intel(R) Computing Improvement Program!.WIN_DCA_2.4.0.10654_sursvc_qh.msi.@.....@.)...@.....@......vmp..&.{F5B334BC-EB98-42B1-9672-0E25B39E6D90}.....@.....@.....@.....@.......@.....@.....@.......@....&.Intel(R) Computing Improvement Program......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....uninstall.4FFF4AAB_22AE_4C10_B00D_4F1423082A83..,.delSDID.4FFF4AAB_22AE_4C10_B00D_4F1423082A83....clear_ids.4FFF4AAB_22AE_4C10_B00D_4F1423082A83....ProcessComponents..Updating component registration..&.{E2ABED4C-AB56-4586-BBD7-364421DB14E2}&.{4DF8D37E-055A-49B8-9317-305ECD1B9D1F}.@......&.{83CFBACE-BB58-4BEA-95BD-7612425AA7B3}&.{4DF8D37E-055A-49B8-9317-305ECD1B9D1F}.@......&.{B33258FD-750C-3B42-8BE4-535B48E97DB4}&.{4DF8D37E-055A-49B8-9317-305ECD1B9D1F}.@......&.{2427B123-F132-4F0B-A958-50F7CDFCAA56}&.{4DF8D37E-055A-49B8-9317-305ECD1B9D1F}.@......&.{22824972-
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):16648
                                                                                                    Entropy (8bit):6.749290041978104
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:hTcfqI/nXnppwKNsehdDeYFVbGGoGCJEF8ZpHgWVH:1gqYWehdDeWVbMEFiRt
                                                                                                    MD5:076CD39DCE16993D9D8496FDBF039D2F
                                                                                                    SHA1:F500845C26A1DF590B967F6CC82C618365026D09
                                                                                                    SHA-256:6F81BD06076EC59EB0F1C51AC2509F5B4DB131668CF1E10C7AEC75F184F5942B
                                                                                                    SHA-512:3158CC85DEC26BA43FC315A0F494119D9E14D1B44C0E23B144392187244E50A5E04252FFD3CD029963382565F676AA96BE1DEAD0FFEE5346F7FE574C6E1F2530
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                    Process:C:\Program Files\Intel\SUR\ICIP\SurConsent.exe
                                                                                                    File Type:CSV text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):289
                                                                                                    Entropy (8bit):4.989437270098558
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:kzTZPGH8rTUzTZPGyRKPTUzTdk3mqr7pUzTDsGIpHGKa+Hfv7TUzTDsGtGKa+Hfv:kXgcHUXgCKrUXm3nNUXDfIdr/v7TUXDD
                                                                                                    MD5:C202A89663F83FAA1DD134EA13343F29
                                                                                                    SHA1:58183A6259B61463212C1552B04BE53F871ACBBD
                                                                                                    SHA-256:15E88D56F5303E23F383E77564DA8968281A6A05FA91846D64F6E8660F3B814C
                                                                                                    SHA-512:860EC8CCD458713F39FB336FF8AD6B59A5438AF30ACFCD0D70F6BCC7AA8B108FFC8BF93C270F1992FFE6F734D4CA502182BF29864244F96271294D1C213E465F
                                                                                                    Malicious:false
                                                                                                    Preview:04/16/2024 10:36:42,INFO:ICIP:logger start...04/16/2024 10:36:42,INFO:ICIP:Starting ICIP...04/16/2024 10:36:43,WARNING:ICIP:Identified language: en..04/16/2024 10:36:43,INFO:ICIP:expandedConsentBox fonts are adjusted to 9..04/16/2024 10:36:43,INFO:ICIP:consentBox fonts are adjusted to 9..
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):387848
                                                                                                    Entropy (8bit):5.952133690358509
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:hn2PW+vln/hoZXxN0G2yw14qaumO7kPW1QZeQ:hnD+vZJoZXxN0fywiqahbPWGUQ
                                                                                                    MD5:4F9C3DB6545E8D95517692A8ACEEA351
                                                                                                    SHA1:1C25094CD50CFE4C4D0866C1A696F1280A557BA0
                                                                                                    SHA-256:7D384CB69F0C5F29F6D364ED23F31C14C388958F11F4DEBD6FD3F5CA9A513513
                                                                                                    SHA-512:D6DD2F6B757DE065956AEA3B5666CB12F0B33DCA9FA60296EF75B9E1EF2C003FF5342E8933AB20E63E6F4F7C3C6B3054C8E82B4F9D50E83A1C62E95C52F04FFE
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60168
                                                                                                    Entropy (8bit):5.981375413901108
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:HPSFFUnEKkxjZe6N8t2J1JBViUcrr2ILXDxgn80PXqBFAGj5SlIooQy6fehdDVoM:HPEUnOZeoHLlzcv21vqAG2IxWelfeip
                                                                                                    MD5:E8920276AFE0E5C47188D1BB1104ADBD
                                                                                                    SHA1:A8B9004BD3C6FC988B8A3184569A8C2149FA5599
                                                                                                    SHA-256:55BE134BA96DBA01C5960205470DE8FB53FCFC6E21489F0D3AB158FD7AC4A8AF
                                                                                                    SHA-512:B103A2871FFF8AB60765E448AAD25EDC093661D877F4E7BA00031FF65CA9972273D04B79FFCF0EF2FF4F5080F32EA03F6F10BC0615B6E3BE7E45701FAF9A7B34
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):50440
                                                                                                    Entropy (8bit):5.246024794809475
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:V3PymNmavZZ4RvMYTyhcAEaSL/BehdDVM1EFiR/g:dPHNmavwBTyhcAEaSL/BeFM1eihg
                                                                                                    MD5:5599CEB0F7298F3AE97DCC61E6F75605
                                                                                                    SHA1:E4C318F5A0170DDE4B7E22FF2D0254193C7726B6
                                                                                                    SHA-256:5FC6AC80A6DE1F862B9744EA97E10EC655D9549E403768587476B5660B4CBE50
                                                                                                    SHA-512:71D36659538A8EF2FA465B427C5B5F4B9B5289EB69A0CCA3B89B3C15764D396005E786F01A4BCA03B47A193F2FD8AB0229E0EE12F0EF0D749F263864DBA11EB8
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):54024
                                                                                                    Entropy (8bit):4.61782702575103
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:2wTo29CQIxU+ByIIin/cByNmYfSpwKNsehdDUCGoGCJEF8ZpHE6c2:2Co29tgbvTn/cByNmYPehdDBEFiRi2
                                                                                                    MD5:5EBA50F7A622A4FD22C90FB8AB9C8B55
                                                                                                    SHA1:37C3196894B15E4031826D8D64CA192463EAE82E
                                                                                                    SHA-256:1A4CE18FD54186B675E98080CCF78264816D5C83CDBC177D9DC199B198E235B3
                                                                                                    SHA-512:D079BA9D714B03FB669A1BBDF3401B7BAC5ADEF1C96FBAA4F24B171246DBEA76028C25F64B40EBF9B77796B0C6DEF5F75290092E96CB4B017AF1C6A2A09F9E90
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):19720
                                                                                                    Entropy (8bit):6.564607776324159
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:FTIIfKZ8PjiBM5d14TcN9zjX2PzpwKNsehdDyGGoGCJEF8ZpH+I:FQBM5ET+GYehdDREFiRT
                                                                                                    MD5:E73DCEA53206F74FFB1F57F76E864FEB
                                                                                                    SHA1:1EF6DDE766DD19EB4E4A62C24CA1A1234552CF6F
                                                                                                    SHA-256:98BB90C80D84A50B7A70DE0F4A846847CDC393B220B2ACD76A3BE90A5C634256
                                                                                                    SHA-512:BA565C39B795A07927B24FD100F2324303A7EA7576180B648168ED3EEBA9657C81F4F652FE3A741B41857491A78C0DD206AB5DEA82D98E4972136E773969A253
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):115464
                                                                                                    Entropy (8bit):4.398475099016475
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:NwIbQi1eCacDupzwWHxOSaIV2/Xvr8/XT1dsXEKpV2/Xvr8/XT1dsXEKhQq094hz:z39aCuwWHxOSajOJKQOJKC7WHeYfeikA
                                                                                                    MD5:52374499E4E87AB9A926A0F88AD31472
                                                                                                    SHA1:9E94ED866407C38A0798B27D73C153B4F29239AE
                                                                                                    SHA-256:52C224355AC31BD7240A39C67A56C9AB16CB7BB21D95D5CE554D3BA0EA977BA6
                                                                                                    SHA-512:DA76457F66EFC616F058E4E5D2B046A9084C26C674821D8CC4418A60B3F54F30917BD430F088FE58018138776EE6782AC2F0C144E3B0142DD8669F46DAED5DCF
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23304
                                                                                                    Entropy (8bit):5.9250128735347944
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:tdmrv/1TV/I5pwKNsehdDAKrbGoGCJEF8ZpHFu:tdS/1TV/NehdDxfEFiR8
                                                                                                    MD5:0BAF55A4C2E3C60483E93619C0703AF1
                                                                                                    SHA1:4FF6A476BE32E879253FA59E6329FCB89C11655F
                                                                                                    SHA-256:013E52B30567DD538B449FF1CB337B8F64487769C449743A20130804C42974D0
                                                                                                    SHA-512:A0F8FF1618640203E5CEFE22844C07434E53BB8631E46D8F058E41BCAF5FBB4B85D39611531ECF516A21A828BB4BC9F6A12833868D61816AA65DAC75FB8AC918
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):27912
                                                                                                    Entropy (8bit):6.497891379290863
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:ONK/ILiaTHAcddZMEPKaQEaSCvnDO2pwKNsehdDIeZ0GoGCJEF8ZpHY8J:ONv2+ddZWkr20ehdDpEEFiRr
                                                                                                    MD5:F3A2227735CF959354B32235C30C5F22
                                                                                                    SHA1:CCB79BE7D1E9E57CAD93386BAA9745CDBF409889
                                                                                                    SHA-256:CD1F9E2287AD760359F40B6378FB098720090FFA626E34AD5BAED23C6881D2D2
                                                                                                    SHA-512:CCBA7E71B742DE72FA90A65BEE2D0AAE031BF0A4E9D948824751890F1FC7A689918FDDB63E12A21F871F800B55A4CB4874FA506CB072B848D91D66715D58658D
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):347400
                                                                                                    Entropy (8bit):5.599328845872044
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:YK7i7/elypt0S7/PTiG+QgyIED4P2/fZ5ApDIFei:Ni7laS7/PTiGqpDIwi
                                                                                                    MD5:DF920B0C61A8A64652851D4DF7AFFC35
                                                                                                    SHA1:15D97430EBB08EBE223E31A92348EF1A762E2B47
                                                                                                    SHA-256:4E9668D2899B7FDFF612DF84DBDD3BA40FE810A6E3657E4FFB1B49882D32D425
                                                                                                    SHA-512:7827D51D240D1B23CE27ED08E51EE9A29DCD709CB73B5417A37D5B3A6B8B4ED96B77467F79C938778C0B8A785909E521B0BEAE5AE6A383491753D2993A21C978
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):16648
                                                                                                    Entropy (8bit):6.72528906150354
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:TXqN/nXgGpwKNsehdD+TEPGoGCJEF8ZpHlos:bqwehdDoErEFiR5
                                                                                                    MD5:0D8E6CC9317E1CDDAE8AC51D4B88485E
                                                                                                    SHA1:CB76E5C04DF76552FD9CC318095304C4769FC0C4
                                                                                                    SHA-256:23267E7045AC1AAC45B58F38913DBC739E8B0CD42C352262596AE4557601F010
                                                                                                    SHA-512:6FFE270FE2F486087871A47C012FC611975BB86503E379A4C0979CB1EC3BFEFB786EB62C5E12EDB647FC1B6663364D5D0F68307464C8AEBBD7F93ACF8B3BF729
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):17672
                                                                                                    Entropy (8bit):6.650961834462692
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:aAviAe/YD1epwKNsehdD/xGoGCJEF8ZpH8d:AmehdDJEFiRg
                                                                                                    MD5:56B9B8C7613DFAE09C4E9F33517E180A
                                                                                                    SHA1:72E1452A5333C5C8961EF212D7E36FE550A05271
                                                                                                    SHA-256:2D545020468C41121F1BB15954BEB240FF10FC4736B7C200CFC2CED8D94BF800
                                                                                                    SHA-512:39AC579E4EB543EF68E06AD71FB0BBA6942851DB0905D1728160ADCAE5DB7D1B847D91A21AB384C229C2AD576B1617227B308D84E82E2FB30FFD174B676B6670
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Virustotal, Detection: 0%
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):79112
                                                                                                    Entropy (8bit):6.155106338670872
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:DPIoH7rzWjLZLK9S0dgV1IzCVDWeeei/o:DPIoHbkLZLK9SwgV6zgDWe92o
                                                                                                    MD5:57EBE77B1E843D80BD35BFBA9A630E00
                                                                                                    SHA1:3C78C527D473C9294A1BBD027460569A27AB79AE
                                                                                                    SHA-256:995BCCE66A861C4A65DD1987880E9A02C0008117699FAC0E69346E7C4D0A57B2
                                                                                                    SHA-512:BD3C2F57613EDB6865BE326ED0D9B54A0414BE2805D24AAF1921FC6FB095F9178B866F53F24B90BE2C09AC616CBBEAA414066035D848AB6E4112BAF411357C9A
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1739
                                                                                                    Entropy (8bit):5.235481435245165
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:3KGCrN0AA77k0JZZerd+Zeruzo6FBPJMZolNa44FoDoU:PBveoemDPh0ga4Rd
                                                                                                    MD5:E68EE5D235FF0F6284FAA8B190BEB004
                                                                                                    SHA1:EB3A28334C1E15080BC64B49C16C08FAB9B0F607
                                                                                                    SHA-256:6F2257A24675E4CE8C33E171A0AA0E314235F4E05FAAFEEE4006433E374875A6
                                                                                                    SHA-512:A007598D351731F8993F13B46786769B6A6C6EE713C3F09A17CAE38655FB4D219DA400FB7DC453D2ADEAFE5499D6E2C1F4F3429923EB6E6C9E3E23BA92C5D977
                                                                                                    Malicious:false
                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<configSections>.... For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->....<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />...</configSections>...<runtime>....<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.....<dependentAssembly>......<assemblyIdentity name="System.Data.SQLite" publicKeyToken="db937bc2d44ff139" culture="neutral" />......<bindingRedirect oldVersion="0.0.0.0-1.0.112.1" newVersion="1.0.112.1" />.....</dependentAssembly>....</assemblyBinding>...</runtime>...<entityFramework>....<providers>.....<provider invariantName="System.Data.SQLite" type="System.Data.SQLite.EF6.SQLiteProviderServices, System.Data.SQLite.EF6" />.....<provider invariantName="System.Data.SQLite.EF6" type="S
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):681736
                                                                                                    Entropy (8bit):6.1937094444311045
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:MIrNxJLWVkK+dj2Uq/8IDkoOEewrA0tJiS0L+igdYVzMTWBi/mU4jkWj4IkzYNyk:VLWVkK+dj2Uq/8IDkoOEewrA0tJiS0LN
                                                                                                    MD5:2E9B1A1FF4CB54EB4C3D1A8B5C457EA5
                                                                                                    SHA1:7E7F5F4432A65995C09C3AF87FEB7E07CA64908C
                                                                                                    SHA-256:85370C1DC8AB2BE3B9512F5A548C50B7E8F2390ACC843DF107037E4C1C86950E
                                                                                                    SHA-512:91A574F305C445A49117D645B35E30033448E4339A86859D3AF4F40AE9FABC1D9EC4D8EFE5F4838405A2B03E998251501CAAB7C530FEB2DC8FF9CE608FC5508E
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):114952
                                                                                                    Entropy (8bit):6.173918782388426
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:n/KwfT4BizpeIL/F/VeU8rLVchFqS27z0eceiq:njMBgircjXiz0ezp
                                                                                                    MD5:B054244C960E721D4E796F2A23E9E330
                                                                                                    SHA1:D370A4F2A0FDFA74B1CD2329ACD6FAAF9923433A
                                                                                                    SHA-256:1C30ADEB6FD0209AE72E0ADCB765F7BFFD0142156957E64C14AE678470CF13C9
                                                                                                    SHA-512:8E48A2A2E7B375F4C91A09BB5460D554AFB48532F85267885263380CCB43800B1DA10FE6DA01362B631CE6D530EA76E4536D8647200E2EF07F4F85B0770F4DB9
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):28936
                                                                                                    Entropy (8bit):6.052603912458694
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:AAPEv8Adi/tcia2bpwKNsehdD2GGoGCJEF8ZpHKm:tEveJIehdDNEFiRd
                                                                                                    MD5:79885B9DBD36BDDF454BE8359733BCA2
                                                                                                    SHA1:8C544A1A37BD95440F4BE0152707941713E285FF
                                                                                                    SHA-256:64C3F481E8D03300AC216438DDD8781C2810AD4CB15609A56BDDCE2A3833A0AE
                                                                                                    SHA-512:65E9DADFF6A732DA6504C51A33B5E7EEF4D69336A2AF8D8F5B22D26F8DCEA570C286B1119285D569AB9F06041CA2EAC10F4F77A95BD26E8DD8643B27B4EF4EA4
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):44808
                                                                                                    Entropy (8bit):5.7430648210168895
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:DDJaUVsuI/9il4xnClyNwBvWehdDqEFiRP:vVsN5NClQe6eiZ
                                                                                                    MD5:68E76911C7CED8D8E1B6531F2B40057E
                                                                                                    SHA1:D8EF9775563B4D83DA57338EA18E65A6BF729368
                                                                                                    SHA-256:44FF59035CE2B02B5F5F7BC275C016BF4FE70EF060807E99C6C5CAB68862B6DB
                                                                                                    SHA-512:7D52E159F6E25598C312B3C290CF3DB4951CC109627765E727BC4C12A989F6F6C64394B66F31B4EC0966BE62007CDF87694758CBB8447DE3071AAB291B13042B
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):34568
                                                                                                    Entropy (8bit):5.2695665518672135
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:tskL8VVbb/ByvDxY8aGpwKNsehdDtYVpGoGCJEF8ZpHPAUt:tskQrByvDxYlehdDWV5EFiRIM
                                                                                                    MD5:7E2B726E3F6D44F1BCF79FBFDEF181B9
                                                                                                    SHA1:010B0F15637A330B732CAB1D2CA633510CDF9123
                                                                                                    SHA-256:6EB15E32486E2C260E16599E0FC7F0746D4228022E589F64F280C5FACF645C59
                                                                                                    SHA-512:43C22654E1546099407A85F753436F738AF287AC7AB2F7BD88663CD0F2932F871723046FF4A86ED5E60117936F011647C26BEC1EAF261AFC358BE5E32E01DB17
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):18696
                                                                                                    Entropy (8bit):6.580078675428172
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:JR8ZRfl24OvOng+pwKNsehdDeFwGoGCJEF8ZpHXQL:z8jkqKehdDgKEFiRu
                                                                                                    MD5:4598D68CC8A6ED5554EB3D8C534AACE4
                                                                                                    SHA1:08023FFC5FB713BA329B688B66FAABF6B57EAB2C
                                                                                                    SHA-256:C0327D139B69B690B8833E889FC0AC65FF23F87D2FBF874BF128EBE2E1EFD71A
                                                                                                    SHA-512:9A6160F85E88F4B2A6673CBF48AA6ABC2FDF978FAF012D96F69A22F899A07362B30B003092DEA72E8C2860B6AB873C4A367B95C722FF68C3574B97DE01671A71
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):34056
                                                                                                    Entropy (8bit):6.369936227124653
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:70N9iG4bDjCeIq/dE9fJnFxBhW8AhkKRT0548SiMmXTmJSwgpwKNsehdD5YGoGCp:7tbDjCkl6Jn61u+ehdD8EFiRv
                                                                                                    MD5:93403CFAB5166AC3A74CBC4AC0CAB845
                                                                                                    SHA1:4245EEC6CC389053A9EB94AAF6F886BD0D48C8DE
                                                                                                    SHA-256:C08A10FF6C9E911F611AF3E766F98B84D9FE91B8DEC369BF96B0C8CB356DCBA4
                                                                                                    SHA-512:8433FABF1EB8643565ED97FADFC33190996AC7B736059C5EEDA1295A4008CD19AB573168D9A3681F4EA99F1A20B2D4F90FB0C1E650D21DDE018432960299AB13
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):4992776
                                                                                                    Entropy (8bit):6.0989877796880325
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:YPrnRLX8ziolcD5jX24Y/g1YmNBayW5Ci72yEBzw9vbn:ont8zi8o5jX24Y/fmLaZv7xz
                                                                                                    MD5:84FF977613B2358955E25059351AF329
                                                                                                    SHA1:AD39FBD5EE967399C8F228D22ADAD1B2EEB6DC5C
                                                                                                    SHA-256:C870B3390EB2C0B5E07E39E2845533400F11B58BB1DE1A6F173054BD834921F5
                                                                                                    SHA-512:3E60F41AA62EDFA679817FFB62FA29CFA7B7D61C732E60236888453D0A75A260EECE5A06A7607E5171A58B138C80252626D36DB1FB1D4EB793128437A8BD553B
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):33032
                                                                                                    Entropy (8bit):6.3526957478149795
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:g0pXsrhiQN744HKcw6JBw/sLJIU7soYnX9Kd0rCzzT+B2RkxoPivWjWhIWHpwKNZ:VgtjtryrsTNcTCehdDuwEFiRR
                                                                                                    MD5:22A55FE100562B6A454F9F52132378B0
                                                                                                    SHA1:D85DE6B865855546C8487C439AFB02532EB3A712
                                                                                                    SHA-256:9F5FAE008959870E17D61CAF428DCA0A86A98B24CE728B1ED57F7D967711BF59
                                                                                                    SHA-512:156A7278882A5C2C32C793C64E15B16BD24EC0F4CEB1D70245C05514722BECEDCB2D27965A3452726A0A40D2BE2C8B961AAE3BD8DA88FFEB59DAC342EBB45848
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):66824
                                                                                                    Entropy (8bit):5.209325187291363
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:kcBH/CbuhOfPTgssgkIvzrHaY/TL4oY/TL4yY/TL4y9Y/TL4g7E4AbeBTYuGBgu0:kcBfCGFDe5m
                                                                                                    MD5:3849A7A0A5E953E48237D0A490A6A70B
                                                                                                    SHA1:E7168E6FA5B7C0489B33A56DBA08230C0F5DD6AC
                                                                                                    SHA-256:DAD98F1D1F932968CAAC365346F2DA4351F209F9E41F82D225381B95989C2A6E
                                                                                                    SHA-512:71E9DE2A1965C7301497233570098261D202D9EBD0D35E3969DDD188325E9A4A1BE53AAB74D4E9C15F49EA2DB9EBA6CCC29198EBA2B0C73FAA455D148DB790F9
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):29960
                                                                                                    Entropy (8bit):6.352127218517135
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:Kxcnv9jQTGzRP0lCEhe/7sGqWY/ebj/pwKNsehdDGiDGoGCJEF8ZpHPI:FBfTvsGfboehdDREFiRA
                                                                                                    MD5:10045F0DABFCDCE28D3EDD991D5C08BA
                                                                                                    SHA1:5EA9D3DFE43DF900BA1DFDDD7821F8444D88B0CB
                                                                                                    SHA-256:F235E8D1513E3A18273C25066E361EEB420B9E757EC2ADE81A3597053A48ED3E
                                                                                                    SHA-512:C8885200019D6CEB467F8831652CE0295DB44DA1278D8421BA69CBF6E978C9F77D85EE08B616B564F517E0C0E33BF58E845A351419445B20D7E2BC01F8B4895A
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):21256
                                                                                                    Entropy (8bit):6.568686344387774
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:AAuCT7TUjkmG2hA/cjJtCtFropwKNsehdD763AGoGCJEF8ZpH8q9swXZ:5ucUjkmQciF5ehdD76qEFiRRZJ
                                                                                                    MD5:D84360C1158EBC673ED5F685A26FF93D
                                                                                                    SHA1:C63DA1A681C001C0E3A613EF548975425644B376
                                                                                                    SHA-256:32466F3BE4DEADF3DE57DAFD4112684112C1F0E39D1CD1B62385BDE5C83669DA
                                                                                                    SHA-512:00EDC66B64C77D7CBD8AE298E2EE072FF5A193B338BA4EF5F601ABB81196E49A45B648172EBF307E0828EB4084254E6B4C63F2D32A361F2A151A02BBE334A398
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):36616
                                                                                                    Entropy (8bit):5.706543074835348
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:nlPqErFLvNIklMoWziVd9lLtehdDXEFiRk:lPqEBLvNImeiLteneiu
                                                                                                    MD5:F85AE47D081E83BF71941C410F2C42B9
                                                                                                    SHA1:2212ADFCB1AD0D726A92F2387EB2F1758B520B49
                                                                                                    SHA-256:63E48DB2D66801D21BCBC02249C202D5B28484BBF961BEE15BBAF128F5B5D21E
                                                                                                    SHA-512:3A0CC4CC3BDDF8F2443093B5EFA8572A4E5F417489FD15DA3CEDE53E5BBDB796A6012D22C06AEABD5CD43BC818D2E16E7346789302D05105027923362B68FBA8
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):40712
                                                                                                    Entropy (8bit):5.915007140993712
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:ZfE3fgPUNgfE3fgPUTnfE+QRa4umBfEjvjK+QRa4umWkdK0rrwuQxtfBehdDXvEo:ZfE3fgPUNgfE3fgPUTnfE+QRa4umBfEa
                                                                                                    MD5:C8722C2C075373DA3DAD6006F70502C4
                                                                                                    SHA1:7FFC1998EBF3E9159539FE7868CF3813D9D46985
                                                                                                    SHA-256:BF1D198A3DF3EC48D9CBF7C67DBEBB1D97A6266B640C64B9770B14701837E944
                                                                                                    SHA-512:DCC9EE4B12804699463825F85C8EB03E3822AB45ED2540594FDC1D4B9AA4C1E27C7004D8EAD27955C81A6188E6AEDB51E48A5CDDBD48C4C776E0C25A0115CE44
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):50952
                                                                                                    Entropy (8bit):4.439065990820741
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:9qQ/pcIr0L8L9gjij9dcUpwKNsehdD80GoGCJEF8ZpHOuwM:9qQ0L8LijijMehdD9EFiRPf
                                                                                                    MD5:41D499BE267D646260AFCF6115E84D70
                                                                                                    SHA1:EA9578EF015224DBE6B0CE58CC85DFE7F0DAE8B7
                                                                                                    SHA-256:7314DB0433E768E88156103C2CCBB89CA9C825BC14FCE9DD6F5FBC25AA65537D
                                                                                                    SHA-512:7856F1D4016516D41C8D2C161E605A4F7BE73E25F8F52E49F234006D6063B4F9F0A0387BFFA0A99A88A6CC5B3E5FA33D6FF71DB17A80A4C8D925ED829B36D69E
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):18696
                                                                                                    Entropy (8bit):6.715444569921705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:MWV4USuvV4pwKNsehdDDjDGoGCJEF8ZpHKwt:jVVzehdDf3EFiRZt
                                                                                                    MD5:9E4A26FBFC704D25AD5C81B1B5081BF8
                                                                                                    SHA1:843FBB1E68EA7E415D3D8E380FC915B9234001FD
                                                                                                    SHA-256:5DEFF13FADB1BF8C66E4D5E9212C7DCFAADFECE1C94A80B0EF55BCABDB68ADF3
                                                                                                    SHA-512:4F3AD031E9F55724F4BF13D9886A464E5FA7532BBD185F62CC20CBE80BF7E6A593A2C2CF1F2DA13A2A3A1752D48AD742A6920E9268C9D44B2904F89AF549E046
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:Unicode text, UTF-8 text, with very long lines (17652), with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):17692
                                                                                                    Entropy (8bit):4.882802627437235
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:X48ppJhXmjh6YDrDlKNdZtfMreRaVbfT36hD5s61TO:X48pfZK6YDfELKCo53695P6
                                                                                                    MD5:5ACDF6F167F4AF42D0E04A0F4CD0D2D3
                                                                                                    SHA1:BB22F780CABF835F41AFCF74F8570BA4725B3F08
                                                                                                    SHA-256:EAB09AD7512D63A72C9A7EAD089D9B8E164BC8174A6BA21AE6064A1E9A7E52E8
                                                                                                    SHA-512:7CEEA4F45C3A0ECC02EBECA18F56A54C0A5FD3A8D143C037029F674AE4DA9CECA27D7B7F067225FD2E3FBFCD67906BB845DCA29B6ADFDD7A4C9E67AE7ED5F518
                                                                                                    Malicious:false
                                                                                                    Preview:INTEL SOFTWARE LICENSE AGREEMENT (OEM / IHV / ISV Distribution & Single User) IMPORTANT - READ BEFORE COPYING, INSTALLING OR USING. Do not use or load software from this site or any associated materials (collectively, the "Software") until you have carefully read the following terms and conditions. By loading or using the Software, you agree to the terms of this Agreement. If you do not wish to so agree, do not install or use the Software. Please Also Note: . If you are an Original Equipment Manufacturer (OEM), Independent Hardware Vendor (IHV) or Independent Software Vendor (ISV), this complete LICENSE AGREEMENT applies; . If you are an End-User, then only Exhibit A, the INTEL SOFTWARE LICENSE AGREEMENT, applies. For OEMs, IHVs and ISVs: LICENSE. Subject to the terms of this Agreement, Intel grants to You a nonexclusive, nontransferable, worldwide, fully paid-up license under Intel's copyrights to: . Perform, display, distribute, and copy the Software internally for Your own dev
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):41736
                                                                                                    Entropy (8bit):4.6564751074312545
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:AGTPBySUEWOT0rryI6NvrrrlgdzhTKpwKNsehdDZxGoGCJEF8ZpH64x:pByDOT0S35g51ehdD3EFiRR
                                                                                                    MD5:9969CE2C8532920FF39D2638AB490C00
                                                                                                    SHA1:02EEDC44CFDC77F77D1FF40FA77D48DD73A06344
                                                                                                    SHA-256:9D1F5AE7DCC6F9059FDBC936949BE92E5F2EB7BE720F54C39EFB6F03D91D94DF
                                                                                                    SHA-512:68F10395BC144DA3C82B9D5BBEDAD3C93B8D9719943286013208DECA037DCAD7B8C116AE29A93B53DCE7157C1FB89F597702B081DAEDD1590DD3914100B5E26D
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):32520
                                                                                                    Entropy (8bit):6.3630493172424405
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:GhV+hlsc1djFdcEEvFS3adLrvbMIJ/lpwKNsehdD+gNtZGoGCJEF8ZpH63AWkM:GhVu1PdgvF9w4yehdD5xEFiRkJkM
                                                                                                    MD5:8D12D9B2B2C756EE3D2263ED7CEEC374
                                                                                                    SHA1:1CF2FFE326B985F66E6DE8C29A8D9C11700B9A18
                                                                                                    SHA-256:FA57835FFDDF2534B6CC5BD7516A4BFF6666EF5ECF62FA62537F958A90CDA7B6
                                                                                                    SHA-512:1BB495725DDEFF4F041ACAFC12332DFAD50C992799BCEB83ECB7597CDC9A2AFF248C03CDEB57A6B9DA8C460A14B46E004C547D5536392F76B2CFD99216967EA9
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1757
                                                                                                    Entropy (8bit):5.1158520353969
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:3nVvN0MD7g0l4ZWFZerH+Zer+EoONhFxPJMZolde44FcoO/kn:lxfsYe6eTrfh0Me41Pkn
                                                                                                    MD5:4721CFC5027A1C50A715F308DA28BFB7
                                                                                                    SHA1:F69F2E0ED8605DE984318CD2F846C5C6501F9EB2
                                                                                                    SHA-256:6797347A2433934C2B4F9736B1FB2A5853989DED6D7259B7C3F9DC8069C9BD29
                                                                                                    SHA-512:974A64224B03608FF40119F32787F0C47872FE06053633D3EF0467E97379F70704075C1DEA5177912E041EE6376627E39DFF67F461BF826810A02BC26B078D72
                                                                                                    Malicious:false
                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>.<configuration>. <configSections>. For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->. <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />. </configSections>. <runtime>. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">. <dependentAssembly>. <assemblyIdentity name="System.Data.SQLite" publicKeyToken="db937bc2d44ff139" culture="neutral" />. <bindingRedirect oldVersion="0.0.0.0-1.0.112.1" newVersion="1.0.112.1" />. </dependentAssembly>. </assemblyBinding>. </runtime>. <entityFramework>. <providers>. <provider invariantName="System.Data.SQLite" type="System.Data.SQLite.EF6.SQLiteProviderServices, System.Data.SQLite.EF6" />. <provider invariantName="System.Data.S
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):38152
                                                                                                    Entropy (8bit):5.262164192366947
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:WtPmS13TW4IZFm1TBygg+S4Ak2pYN1pwKNsehdDNu0KdGoGCJEF8ZpHWZgY:WtPmSBBsGTByzZZehdDtKlEFiRE
                                                                                                    MD5:1C478D932758C5CD57E47B7A18379563
                                                                                                    SHA1:85914B5DCE42EDEBB193A7CD1FB1C053434D18CE
                                                                                                    SHA-256:B6E5096BE9A402D76C5A94304494A8B46BA0A675BA422AA6A558FAD1AEA63160
                                                                                                    SHA-512:F82323B0A0FFA63DA0AE7A8A7850FF1636CCBBEB2AD6DBCF4F2E45FC54203B04FE83F9E91E1C1AB739B547DC19A89DDD4C6BE737790D3F222F7B2796C0CCC3F6
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):20232
                                                                                                    Entropy (8bit):6.171503660010661
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:EGM8EUpwKNsehdDZYYGoGCJEF8ZpH3iMO:E8GehdDZEFiRyMO
                                                                                                    MD5:DF7DC31848DDF2B0B3DD862A8CCA1858
                                                                                                    SHA1:3DBB076DC3DD07CB766760EEB3815C92D3EA6BDF
                                                                                                    SHA-256:C828149DCC8E78B7896DE82DA6D23C78F3A34050C73E24C5C60E70F44BAC5969
                                                                                                    SHA-512:0469B50EEC9D8250266733C59EFD3E36EFBA08A080F435BC1802D5CAC9426BB64A4AB62B5DF9FA693364E8442F955D9582F94BB5FBD4821A679B8025409BA440
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):49416
                                                                                                    Entropy (8bit):4.501343313723632
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:EwyxhGmyeGBy+oSdAopuo9oFpz3S6QpwKNsehdDhPGoGCJEF8ZpHUOYDD:LTBBy+oSdJklehdDJEFiRKP
                                                                                                    MD5:C6EF8F78BF2FDCD6C65A75D31685E109
                                                                                                    SHA1:6BA06EB35F4DB305E68F3BE1579E3FA2D2EC5C2C
                                                                                                    SHA-256:7EBEBB4A37B7ADFFB14F71ABC692164A19875CEC589881FF791865C7BE40B1E2
                                                                                                    SHA-512:B173814E25E9294EDDE81E160632BB38DD39F79BA65EE857319275769F64C0776F147610EC0F9537FEB9B526824B09390C40C55EA34256F3D312AF9A563F5375
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):20232
                                                                                                    Entropy (8bit):6.54285422282102
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:6oSIXQcgNKa8E1QNLCFh6ajuH0pwKNsehdDHhUGoGCJEF8ZpHaU:W2gN/8zW0hehdDMEFiRd
                                                                                                    MD5:60065EAC9D0B59D06FB15C4BF3F920A4
                                                                                                    SHA1:25D0FBA95F634199982CB03031844BFEF5C2DF6E
                                                                                                    SHA-256:8092AC3C63DF5BD92014C2B745E8FE2BB649BAD123FE74744670694E8E192D64
                                                                                                    SHA-512:751C3E37D1BA8CA9580109C5209A29E63C2E9F474C8742B3ECA95DD539DAABB70F20B128CDC0261584A014C34E40D156AED2259C640FA52040587D1A3CE6976D
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):205576
                                                                                                    Entropy (8bit):5.718726349185416
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:tciv7OSrVitVdEhZdvKcN1Ubz5YXFjY/0VmXVPkj2Vj2UoefMX:Rbp5LN1Ubz5e88ABoe0X
                                                                                                    MD5:E9DE96B8528400A2BD4FA213221F314B
                                                                                                    SHA1:FBA49F55C2571AB93964123F8689C9E2E7CB54A7
                                                                                                    SHA-256:AA8A929C39427A3F3F0EFC50DD382313F26ACF496FA9FF074AED45B5AFF9BAB8
                                                                                                    SHA-512:42CEB6C192FC3F4DBFE62E7ABFD1C669E97CD909992AB047519201D5FEE2F6D0A61B6835B2B669F84844316451F1B806467558461C89544C06B49687F2745A09
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1894
                                                                                                    Entropy (8bit):5.2546246214715335
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:3KGCrN0AA77k0CtBZerd+Zeruzo6FBPJMZolNa44FoDop:PBQleoemDPh0ga4RU
                                                                                                    MD5:B202F161A5C6891FB780A1719BA5F066
                                                                                                    SHA1:E0F37FEC6472B1DD89805FF800886C7B84209F12
                                                                                                    SHA-256:56FCEEA5F3347B7C8E3AE874C6934E1B6A036BB4598C7763C8B52BDBFE0A546E
                                                                                                    SHA-512:CEEDFAB7B68BCFE6521FA5D4EBB49F2EDFE6004A110DE88C7A5A3F98DAFEA0396941C0C8A915073B750121C003EA9B90B19C3439F96840169F831D19DBF2C89F
                                                                                                    Malicious:false
                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<configSections>.... For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->....<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />...</configSections>...<runtime>....<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.....<dependentAssembly>......<assemblyIdentity name="System.Data.SQLite" publicKeyToken="db937bc2d44ff139" culture="neutral" />......<bindingRedirect oldVersion="0.0.0.0-1.0.112.1" newVersion="1.0.112.1" />.....</dependentAssembly>....</assemblyBinding>....<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false;Switch.System.Net.DontEnableSystemDefaultTlsVersions=false" />...</runtime>...<entityFramework>....<providers>.....<provider invariantName="System.
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):195336
                                                                                                    Entropy (8bit):5.958421960462277
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:YNh7rncCmjLf59v+I1XugZc6KP8cIhecr:Yb7zmjD59x+Z6KP8cmeK
                                                                                                    MD5:7F1CB188AB8777BF9EA1BDBCFFC8DCCA
                                                                                                    SHA1:1475A1CC1F406F2A79FC611B7A57FBA0642C79FE
                                                                                                    SHA-256:2FFF48F6E995A737D41D50FC7051A56135BA0B604D6BDA064F696C8CB8E5BD06
                                                                                                    SHA-512:56FAB52A894294B507F6141216093C6F1FE59F023A46761E1A9A6371744A8B3E1A6DC47D2AC497274F3BC26A84E567827FB8E4753B41CDBE7EC8A3A72A2A8A86
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):392456
                                                                                                    Entropy (8bit):6.0741706827275
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:NHABaZr57Zfgk1i2RiZ0g+kzAHCapWW2Mpd9oXJ93Ta/p97iNsNL4rfiBCFNFfcl:+kZr57r1i2RiZGkzAHCapWjP7jsNLpBn
                                                                                                    MD5:50D6CC589239BC3138B533B01B86B953
                                                                                                    SHA1:079184E0DCA8121AC9C681E361EC76FA28C06061
                                                                                                    SHA-256:A3F43B38AF07A078EDA181B3A077899B70919AC761A10CEDAABCCCB23523CC24
                                                                                                    SHA-512:548530585F7438F07D9F4A22F12FC5C021334AD5C198C6CA0B443997CD886B5433AF5262C3EC368B386557B203557E6B6596F2FF88BA6C95090A5B1DBB74A001
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):24840
                                                                                                    Entropy (8bit):6.541005566022778
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:Smbq+UEonbrFf8n/HD8vexpwKNsehdDrtEEGoGCJEF8ZpH3HShy:fF4nbmj8jehdD3EFiR3Sc
                                                                                                    MD5:A670B8DE3FE99920EC8A0E1A1C82EC64
                                                                                                    SHA1:7B07644CA24E895854CC3764D88A46B88DDF38D9
                                                                                                    SHA-256:85919319DB4E5F89CC97FE7DA71839A2D1BD14FA41459DD300566B55F93C72B5
                                                                                                    SHA-512:474BBD03C573998A9037EE78FE2F5A8B46BAA95FB1ADC8FBB3FCD7BD46A84F9A0840CF99D1387B5BF280BC31E5F165CC529E5147FF334F5826096C7E6263DA76
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1757
                                                                                                    Entropy (8bit):5.1158520353969
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:3nVvN0MD7g0l4ZWFZerH+Zer+EoONhFxPJMZolde44FcoO/kn:lxfsYe6eTrfh0Me41Pkn
                                                                                                    MD5:4721CFC5027A1C50A715F308DA28BFB7
                                                                                                    SHA1:F69F2E0ED8605DE984318CD2F846C5C6501F9EB2
                                                                                                    SHA-256:6797347A2433934C2B4F9736B1FB2A5853989DED6D7259B7C3F9DC8069C9BD29
                                                                                                    SHA-512:974A64224B03608FF40119F32787F0C47872FE06053633D3EF0467E97379F70704075C1DEA5177912E041EE6376627E39DFF67F461BF826810A02BC26B078D72
                                                                                                    Malicious:false
                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>.<configuration>. <configSections>. For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->. <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />. </configSections>. <runtime>. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">. <dependentAssembly>. <assemblyIdentity name="System.Data.SQLite" publicKeyToken="db937bc2d44ff139" culture="neutral" />. <bindingRedirect oldVersion="0.0.0.0-1.0.112.1" newVersion="1.0.112.1" />. </dependentAssembly>. </assemblyBinding>. </runtime>. <entityFramework>. <providers>. <provider invariantName="System.Data.SQLite" type="System.Data.SQLite.EF6.SQLiteProviderServices, System.Data.SQLite.EF6" />. <provider invariantName="System.Data.S
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):26376
                                                                                                    Entropy (8bit):6.40677669597649
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:2jxTJ48dNZEIR0NsFm6+U8uwG1+m8CpwKNsehdDfw89xGoGCJEF8ZpHce:4TJHR4+pnv8ehdDJEFiR1
                                                                                                    MD5:0095C58C774C0296CD09B8469A92EF09
                                                                                                    SHA1:7DE53EFCE5D27020D6F4FCB06B6FFA0111D62C9F
                                                                                                    SHA-256:E13D03A1C170E8DE89E8B6B601E4B066E25E01DFC278A725E6C9115C8AB79EB7
                                                                                                    SHA-512:4E273DFAB7ADA6F595C670A6D9DD5EA918E7F22EC9616FEB08AB649AA68D633512F5FD568D9C6BE986DB0CE2035E8C54D180E6F4603E5F88F5D6EF435B628F41
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):21256
                                                                                                    Entropy (8bit):6.5813829642147095
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:+6KdEenvr7++mz/fqiQiT1A6pwKNsehdDGeRGoGCJEF8ZpHof:+vHrxm/YehdDNREFiRM
                                                                                                    MD5:1C51E63C5646EC66A0FA18ED36EE6657
                                                                                                    SHA1:5B596E90F211A3E0855A0C7909DB85F8427C4463
                                                                                                    SHA-256:4D865789FAD21BD7367E26EF68380FB9A012EA1C84BCE2F815A45FACF9B74577
                                                                                                    SHA-512:BF0EDF69A9EBC978DAFF09889E0D982376DD420DE114C71C56F22F255479F1EB0CCB87B3E94F2F7FC7CD56FD1BE4C74E73FA824CEB0D8B72827D249898EC503B
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):5137472
                                                                                                    Entropy (8bit):7.989516430029808
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:98304:jeXlZDk40JTSPCCnlkXWtn4EpxK+pLTdPTqErlV9ZKkbljnClp:4tUSPCCz4zUhV9ZKOjCf
                                                                                                    MD5:4A81F4BB2A0ED429D0A6D42F8A371C7C
                                                                                                    SHA1:2961440657A7ADBABEE9BDFDF42B32444624CBA6
                                                                                                    SHA-256:84A63A121F46FB857E41C4B4CEF08D2FFBA1D8DC359FFB2FF9A92BF0C51733CF
                                                                                                    SHA-512:B7FAF6EF6C03B58006B310578855F25970FBE0BD25F740BE5B8AD5AE70A233BBDA456E30A1B1C114449FC19ED7ECDE7BD846C6AF7F644BB7D8569B07FE843A1F
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):182024
                                                                                                    Entropy (8bit):6.5869421525889935
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:0goOSKa7zHQnClbKDFSaHsCCaz83hvVc5b5eOlk7k5msi77v7moelT:KPHmC9Cj9Ytc5bhO7JskeB
                                                                                                    MD5:F5BB246B31EFBE87F4C4968478E08E71
                                                                                                    SHA1:773FEB2BC52D66173637ED54BDCFFAB16F619244
                                                                                                    SHA-256:D3D1D4A4038E16DF1EED20F89557C33E2C5CA785A88A4933D7F4BCACFA9476F9
                                                                                                    SHA-512:59CA4E0308A670B8007D17BCD2193551B6521CDBBD14971E79C57D9495466DBF56E57D2EA5C82166CB445806D6B7F2ACDA81C747D778F3C89008A1E97E23DDD1
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):81160
                                                                                                    Entropy (8bit):6.801392598123598
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:0Rk1rh/be3Z1bij+8xG+sQxzQF50I9VSHIecbWZOUXNe0Neie:0Rk/+Z1z8s+s+QrTmIecbWIANe/t
                                                                                                    MD5:1FA4D33D1732AE95558188690909521B
                                                                                                    SHA1:9507B399F52FAAD670A7020EF05CA58E09499273
                                                                                                    SHA-256:6EC18A1DBCCB096C9A0C04174AC4491400AE029EEC55214A72241ECFC35191C4
                                                                                                    SHA-512:ECC64656FC2D8F04BB06854C92C63A845B56BD9BA086581ED083612B8B4F2B0870877091CEAE32FDCFA561C4760BF56B9A25AA748FC1901E065C1BC65865E53B
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):106760
                                                                                                    Entropy (8bit):6.613878519784188
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:sItS55T1jTd+rv0ISjNI/dxA1h2Hw8B/xftojvG+P9IVLPeUUXLTegeiw:tS5B1jZZ+xA1U/JtojVP9IVLPhqneX/
                                                                                                    MD5:A506660BC0FFFE5404B1C400E9AA39BD
                                                                                                    SHA1:A2AFA336DEC29698B5B7BCA5F5D9DD1AD3492069
                                                                                                    SHA-256:924991BB83CC3A68FBC031F2004396CBE6B57B88EECE5CDB78D0C9407B5B30BA
                                                                                                    SHA-512:1A4FD622639CC40C8625B84F4F9362FC12C85A4FC50376C96CB8877E87E408E9B637DF1A297BEAF4DE3ACEE8A3C1E794DCD8CB7055A557FA74B3B5883136567C
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):198408
                                                                                                    Entropy (8bit):6.875518522681837
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:2x4FHSDFuewx5lsattrCuqpC/3vMW5gn4vweTbeY:2WJSDYewx5lsCXRwLY
                                                                                                    MD5:21BBE652C4094B0BA3B3D5C017F6BC78
                                                                                                    SHA1:0D3FA8EE4C9673A87305C9C19A34D6744468C5AB
                                                                                                    SHA-256:6DFE566149927964FC0530523C49917F3607D3865DFDDC506E71CC009138E738
                                                                                                    SHA-512:CA36729E14DCC8F76EA71CBC3A94262B18E83E16FF0C05330A833524516CE100BC04BDE44F5F99BC94A9C58183D6BB41CEC2385AAC47AF77AC390469F056EE89
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):114440
                                                                                                    Entropy (8bit):6.730144105591314
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:l2VdWPdUdxQAQuA+2/1IylDQ9IFa2+73g1nJRX7ZIV6f0YwezInd:lDEPDy1lA2JRX7MezMd
                                                                                                    MD5:5DB80BC6927600519F880636B0766868
                                                                                                    SHA1:FDF667A02F1852BA69071E3B6637B4E68B566811
                                                                                                    SHA-256:1F36427245A2E61E6A6AFE27260709D2D809B3D5013C3BCB97306128A8B2845F
                                                                                                    SHA-512:DEEF3806F8727DE9B630E32D9254CDE0C92ACEECAE52BC2F7636B9E4FDC2F05F0F791A8CF69DD6C0CAE7F0FDC860497DC34D10C9BF7D4D53329E1AD5958B2CE8
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):48392
                                                                                                    Entropy (8bit):6.673266446582542
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:SzMiPUAFS/lj0WJyT0uwVDmhIVOIdUeYCehdD5EFiRu:yMiPZIjlyT0uwVDmhIVOIdzYCeJeiY
                                                                                                    MD5:75C207D6CF4BA305D55458A58AD3B6C1
                                                                                                    SHA1:E56665218F89C592A19186A960548F6DD0BE8545
                                                                                                    SHA-256:9394DD82F86920D48253373AFEAB6FD04BCD48322570AD9030E35DFD56FD21D6
                                                                                                    SHA-512:4CE53B5AE8505E63D4D48C62B70B391E480B1A7A4D2CC0B2E97BF009A8E7ED7C7EE54CF6537D32CEFC21FA103C5C735C57452496A7C7F20F9BA655FCE3651A8F
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):147720
                                                                                                    Entropy (8bit):7.004007792348302
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:6HC2Ujp8exmcXl2VZuEXHeligl2VpJiGHH0Dy2MzHf/9mNol85pIVZ1kHrSefVK:77TyfX+Mh2oHYOW5Ce8
                                                                                                    MD5:E46052FF77A58DD20F088F7EB323ACB8
                                                                                                    SHA1:B541CD841D6A4120BD5691B2B88BED491D1126FC
                                                                                                    SHA-256:CFD4EEA7FCA5D1D874D7728C6947E68EB930FCC658E5A42D15B364F710C2BB3D
                                                                                                    SHA-512:A15C21BEF8417A750181BF8A973B5723C9D4B16D7EE010F8900432630BAF598343533390491755A88777783912D6D3351D02BC7ABC259C5F39EF0B73AA754F5F
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):28424
                                                                                                    Entropy (8bit):6.726861731734859
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:WoTEdK5ImRJbjCYcs74ubm7ApkbXRetk5gRIVWBLRpwKNsehdDOwyQGoGCJEF8Z/:kPmRwYcs7cRkWWRIVWtOehdDryqEFiR5
                                                                                                    MD5:02CA9B623C9A67463BCF0D5134C87195
                                                                                                    SHA1:021AC0B9997680534322DDA80AC656746028AD6D
                                                                                                    SHA-256:AC649CE3761E90C9AB2EF9C9F76503C395DAEEF96F019BFBA9C3637619E5F37C
                                                                                                    SHA-512:A2F4E1927E0F3291B5D43531425407E099BA564ABF4E78471F3256621A453246E2E139BFCE07A5253CFC3FFB4498782BA49239DC663B51B335CFC4554A3BA148
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):26888
                                                                                                    Entropy (8bit):6.760300054112708
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:eQUgs86Jljl4qpg6rDYQyJsdGkQ9IVQUopwKNsehdDHdqGoGCJEF8ZpHCZu+B:eQUU6y96ryQxQ9IVQUdehdDH6EFiRSuc
                                                                                                    MD5:6F5DE1F823E419771FED0F943E0AC83C
                                                                                                    SHA1:D886A40FA57352146DA49EC212A6B6F9471C8D19
                                                                                                    SHA-256:27945681F7E685DABE52F2AB92D847E6DCC7E7FA57C41CFD9ED0EE931AB53C25
                                                                                                    SHA-512:694374E817FF2838AB0A6FDCEC5C27BD93C1721C2AB088CD58864062C9A1635A9466D1CEE91C8388F7050906A4CD25161F2037FA83C3C4D59ADFA684C29CEC42
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):67336
                                                                                                    Entropy (8bit):6.717476419244423
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:AoOr3OlTJQMT9f8+CeazfOIQlkJ9IVLwIuuPe9ei/:wiqMT9f8DeazfOIHJ9IVLwIrPes4
                                                                                                    MD5:21CEDDB4147FD8ED706DACB746BECCAA
                                                                                                    SHA1:0FD5E48895BCC50CC3FE25672BEEE8E3C2C3292C
                                                                                                    SHA-256:EA9649F6B2F5FA3AE5A1FD4AC7A2E09CFB677437A6464FCC64B4E069CC6D4BEA
                                                                                                    SHA-512:4D6D8669B7738CBD37D9AFD7DEF5612DD2508497CECDAB209F4E2EFE296D24BAF9EF317C7B0EDC7F34418FDF5BDAE837AC53C1010AE34BC4B24D22E9ED67779E
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):153864
                                                                                                    Entropy (8bit):6.427581509937141
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:mxka2B9wnzjDX8/E4plP6Z3OS5wNWXWSWupIVC76NexGk:mxka2B9wzX8/HplP6Z3LGNWXWBuceT
                                                                                                    MD5:59E2908ED162D175336E810D7445FC42
                                                                                                    SHA1:3E27A97629FF1798CCAE297AA9D83A87B6436CCA
                                                                                                    SHA-256:42DBF17147E34C2422C46C3A88B24C8DC5195CE64A0E8F254C8181B0770BC0CD
                                                                                                    SHA-512:DE12AED45ECBDD241B73A35930BEB87687152712EB2A61CE1D6F024C529C36FF836F147AA6B94D84B6F06D1C46907AB26640E225696824B4FF99A11E046B397C
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):498952
                                                                                                    Entropy (8bit):6.42067608472097
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:qhGSzkiDB3M7CqXatL/BaQyoOU2qiqYc21avIzVOEh7qTBVQSrXyyer:qhGSzvDB8DatgpPTq3o1FzNW1Cr
                                                                                                    MD5:C47B5CE89A9B10F8FD1F4037EB62EE11
                                                                                                    SHA1:6CD79D540D27651FCDB829EC38978D68DDDD05F5
                                                                                                    SHA-256:D59747DED17FA9C74B5009F181C79232441A46DF0D5E4FEED9DDEC04F3DF2AC7
                                                                                                    SHA-512:90D686AE6320F5DAA77606E444A4273729AC82654F962B9B4C8D098276EA3D75D3E29374085F6A459ABFFA8E2D268BE2AA128C7D2604BA83BD8CA1A5E38A7095
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1849989
                                                                                                    Entropy (8bit):5.5758761365437
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:mQR5pATG8/R5lUKdcubgAnyfb8lz30iwh9EpdYf9Pfe/9ToWdWQhuHHX:mQR5pE/R7zP9qWwQc
                                                                                                    MD5:0A45A07FD73C29E66702B23D08C99E16
                                                                                                    SHA1:F7283BEA61FB5B836219E9FC63905E984E5B5B60
                                                                                                    SHA-256:57640F81ED34CB1F17F22472254CC721CCD300FD92BA1C1208CB959885154E97
                                                                                                    SHA-512:ADAA6030E0DA342816868A9F05018EE408D1E3E6E36EB1DA86E65B98BCC96BAEEC2283AD429EE5FF478253627BB37B3C057A19BDDEFFFB18485819A442AC7870
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3475720
                                                                                                    Entropy (8bit):6.044541351426006
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:qTzvl4LDpNkmTOVrYqSeGvDKfuvEKzF5++/u1CPwDvt3uFlDCJc9uHDn:Szvl43ToLM5+P1CPwDvt3uFlDCt
                                                                                                    MD5:DA7C6B28453650ACB4A02400DCB1A954
                                                                                                    SHA1:2C3F7339C4444EEB92E5DC765DC2D856288BA49F
                                                                                                    SHA-256:5BC99F046F8236CF6BFC3C382982FBED0B0BAAAFB19BCFC8173FF6DC0E71AEEE
                                                                                                    SHA-512:B4CADDE693DE5C833D69F62B3C3DA8D47FC12C030F15F1D59C3391FEE0F4979DFD0BB35BE447D53C55AE8A30460DBD0E5D145C9DEAE3C56D1D07A6A8A5D4A9BD
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):33544
                                                                                                    Entropy (8bit):6.899408086189416
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:u4QHHH1n906QVjoPX2onHfQ7ehdDMEFiRs:uDHHH1n28fJse8eiy
                                                                                                    MD5:B1B3D2DFCDDC54DAFBE88804FC85F988
                                                                                                    SHA1:3D74C8B5B6A1B55A9017B94EC8DCA8A6F3347F05
                                                                                                    SHA-256:FC718A46E62764C4A1056FF527DD3A90DC7937B16F19FC7F72B4AFB55D60A2BE
                                                                                                    SHA-512:AE93D14F70DCCD3FC8646F140588133F0FBE7E03C90CE5CA886E4912FE3A5B45614B377591CC135BBDB4392035B5BA762ABCB9845441F933F64C156855F2C8DE
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):636168
                                                                                                    Entropy (8bit):5.812747567725593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:AWkw3Hj9L2fnecKCBd3uxPJdVMB//rxBuvEjmIFe9Xb1Os/K:AWk85Vy/1DjmIFe9Xb1Os/K
                                                                                                    MD5:AD709F87F4CB92A95D0026BD575BE192
                                                                                                    SHA1:CB8EF76FDD708D65744FF3385227A2CF81651B43
                                                                                                    SHA-256:45C554A5F70ECBDB7E197185346647B18798A194DC2C97D223A59C8DCE0D8D17
                                                                                                    SHA-512:051B58DCF2212BD7C70279899159CD68309AAA637B19B4503433A5120FC29481C166C48725FE082045BA0A3FD2874DC743D53B389E783F38600046867D2434BF
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):169224
                                                                                                    Entropy (8bit):6.674861770754881
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:fuS4H7ZJieAlbSIoovnnc4vbkm+mvPH4LI9IVLhy9Stzwell:fh4H7elbfvnLIcvPwIX9zef
                                                                                                    MD5:4D4A5B87341917F4A64C450D9CAF0971
                                                                                                    SHA1:92C5272A0F8F59D80A5725FD5B16A44561215CCC
                                                                                                    SHA-256:46D1EDF21BAEF2A44204C273A91A48BB3D55087A2C0D065DD4106F2AD0EF45D4
                                                                                                    SHA-512:2174A6D5E35FA7C6F4C343A1484F78201362699EBEB3A29C76D990BC06815CA81BB43AC603E425A5D72F50EB7BC2591FFA59AF7A9F943EFC4F2C65172252A9DD
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):4949768
                                                                                                    Entropy (8bit):6.567915079723411
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:IHC3UZTlq9UE7fpKNsyRRLffWFn888cms8l3HIL+3+HFuMZn7PHqtqgQvTwZN0Ix:N3h9p7poLbg81LiL4+HQMZLqMHvs0rXG
                                                                                                    MD5:6D74ABB49A76F2C467585E6876D50AA9
                                                                                                    SHA1:4F518BC50E022B76F185B93226D6B73DBB1F2EBD
                                                                                                    SHA-256:9A8BE8E59C234BAA5283704AF150A33A8DBF83CFD47629DD0D7DB1299EFB1BAB
                                                                                                    SHA-512:516FD63AD171FA2276E5C138688D1A525598E7476492DB9A5FB5339413EF580E1ECD249D4C5D5163C1660AADA1E3052327292ABE07EDDBCD0D208FB7F4DDD7BC
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):556296
                                                                                                    Entropy (8bit):6.535815789294288
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:PF+TrtGRq8MPJomXwCUIB7rnWORrkpdk755ffO2NX6ja1e5ZYyeu:PEPsR1MP3JU07jgpdC3FCz/Yju
                                                                                                    MD5:1E1292E8D21C918ABF14953081498065
                                                                                                    SHA1:8CB680D06753E73BE5DBC11408F0D9ACCDAF753F
                                                                                                    SHA-256:FF71BDF85EA49841FFBC49E5401551BCE5D9D47B2B595C1991417FE96A0917D1
                                                                                                    SHA-512:367919FC2585BBDC1CD3A482A928E9630DECCEE097654726EE80CB19B019EB2E838FF13AE448D78D0E8A1D585FF56187194D676433E46C1A3BAD13ACFA58EB58
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):128264
                                                                                                    Entropy (8bit):6.626334395579096
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:pYXT7XMB/g13ACKUY3+ZpjN0xBnjJY7bi0ACKXvbJKXkKv6VJu5Cwe5i/:yjA/23AC9UGf0/ntY7bi0dKfbJK0KCyd
                                                                                                    MD5:4359E769B9DC6DE24049E2B056446C73
                                                                                                    SHA1:568B3247DDC18527131524369B2215FC8EA945BC
                                                                                                    SHA-256:59EFFF24601EC8AAD9D528235D6470F827B5EA8640E5474DCE204BF219107F69
                                                                                                    SHA-512:E55762A99350D9ACB953ACBC338F5B37C903A581DD2C8FAF524D3B336FE2835C29D2A1DC08D397D1471FFCCD304F3C8B4848F6AA3DD9B68E6A437B9550E9CF8F
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):25864
                                                                                                    Entropy (8bit):6.758560257641107
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:64pecPcDo7uIJ20jsonqKT2e7ANUG09IVQGJupwKNsehdD8gM/GoGCJEF8ZpHgCs:hIoqIIEnqwtl9IVQGJLehdD3M7EFiRq5
                                                                                                    MD5:6CC5BDDAD14333A86C0C1CEC68640186
                                                                                                    SHA1:AA2A049DB5BCE63A7B9ABC5B18A5E1E6BE85AA94
                                                                                                    SHA-256:1F7913633432087A672C6C9B3A9B435A075216B404D165FCA0EC5D5F77E6C24B
                                                                                                    SHA-512:7DC2F9812EA94BA42C532426AE4B3438126D82918A65857BAD89CF476D42E1096C8462CDD746407E3B1F102F2B5F3E29412D46CE33DB707F91DA31615948406F
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):20744
                                                                                                    Entropy (8bit):6.773322938235235
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:oFMkmLyUBefz6JdGCPx6LG6pwKNsehdDIPtpoGoGCJEF8ZpH8HeJ:oGafz6JLeAehdDQAEFiRBJ
                                                                                                    MD5:0E79EBD4124DF97077678997BD0CB8D7
                                                                                                    SHA1:1551D03AE47B5BEBEB988C105507CD84F4084803
                                                                                                    SHA-256:B912858CE66028E42549DF1C406EBB82DC8A3C397C700F42B3FD12B942E7C3EB
                                                                                                    SHA-512:4166034B6670B25BA18B3E5F8D2A624836EA43778327C261E93463EEB23401341440B7ADCA0754BF2A7D330099984531F54F2F5F9155DF567EE2C9C76E471960
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1130760
                                                                                                    Entropy (8bit):5.43765296037731
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:B7yonRiPDjR0O518AfjwR6nb6EPYPx++ZisNqGZ5KXyVH4+GCHM:B7y0IDacpMNEwPgPscG6Xyd4fCHM
                                                                                                    MD5:41DF79A4A72A24494B397390CE2EED70
                                                                                                    SHA1:D2A1ECDE2E2631E14C30FD264DA22B30A3478E8F
                                                                                                    SHA-256:9A4094B10B5B895BF3A7A2E3D12B00C69A6F0C64BF583DCBF66CD324391AE393
                                                                                                    SHA-512:5B99ECB818DABFFF0CF666C568A96CF41AB0151DDEBB91AA0DF182A32C3DDF6864C2E8EC3B09310E1A22918A40C896608B3F9D77FB12E833D545167E2807AABD
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):22280
                                                                                                    Entropy (8bit):6.675032059654495
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:NkN19DlVuz1JHL2WaeaP57O6f/gyYpwKNsehdDJUny3GoGCJEF8ZpHmf4R:GrD7uz1pmJPFOe/NtehdDG6EFiRx
                                                                                                    MD5:C432BF1B59287D0D5F09ED189B2CBDC3
                                                                                                    SHA1:1B265DD3AEBEAECE17571D3C21D088219A98B886
                                                                                                    SHA-256:E3465C46E978600F730FB3143DBBE26C0E07F0B44A163B74989B43A76DC57E15
                                                                                                    SHA-512:FE88C82D0662069AE1BC5EC0FF5649EBF9183ECFF6A5446761ACB32241D7E02114CE514621D3F7508AD823FB48A5FF7048D94D177C7E913DEC63CD26638286FA
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):32520
                                                                                                    Entropy (8bit):6.599189684720144
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:bEqoUGsfe65O+tf7Yh+e5h4XsAVX1UWAkNHH3iJehdDqEFiRK:bPoafe65O+tf7Yh+e5h4XsAvAKHH3iJS
                                                                                                    MD5:B9AEA9D1CDC9C71EB9C2FA5F59D8FFBA
                                                                                                    SHA1:D6C41E4F3A0785C390A8050D1181654DDE55E757
                                                                                                    SHA-256:C644EE04C8C4072F9D59DB2BA87C460457B6825BDA81F5C972B95D83892DFA1C
                                                                                                    SHA-512:7E509549D8A3E1A068FD50DB21B9A2DF04931CE88235C3A13158A107FA0AC8194365A533C900690B159834C0AECC4D6AC6F907A6FA66A48874F4229FC2E47671
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):45320
                                                                                                    Entropy (8bit):6.396733421340516
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:PgxJDJs6bHiT4YH4vkUlGXu8OBCogXZVPRgyM6wiuvmLPKhmiIZehdDnEFiRZt:Ws6hYYvBlGz0CoIZ5RgyyiuvCPKhZIZG
                                                                                                    MD5:F80A7FD05A2DA5B217CA4B79025DEBDC
                                                                                                    SHA1:8CBE66E313914952A3B2E7960843382BECB1DDD9
                                                                                                    SHA-256:F1B05858AFC2691F6E2837AFCE649A49ABF128EFCCFC1AD7983605D3AB194D09
                                                                                                    SHA-512:9C3162318B41BD25E7901DCD3769F11A0A014AF850A7430120C23A16F8DE73A68A1F7B077EF8336C5BE82F3240919197FBB044531247E0D3ABF8CE5ED65F9BB7
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):117000
                                                                                                    Entropy (8bit):6.602120468369267
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:RHcTO82Fy6rqrRXgVhVXLMhsNIxJKcqDGZygmW7+q3FweI5eaY:9cTp2Fy6rpVhVlcqDayYR3FW5eH
                                                                                                    MD5:49EC7F700FDC4CD10C71881254BA97F5
                                                                                                    SHA1:42E551373CF4019D4A65B28C839C3EAAFF393C18
                                                                                                    SHA-256:B9BB63965805473313EFE75DB48E83E3DA39F49B4FD4EB6BE26BA70E5452D9FF
                                                                                                    SHA-512:F6495188B8CC4FAF7C16BEFE1660DB609DB71D5CD3AA915549932EACD6820180F60098DDEA1C37B8F91ADD0EB291BC7DBF296B0649AD534638E6BC390AE7AF73
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):32008
                                                                                                    Entropy (8bit):6.801943434349617
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:qnThm327Z8dhT/ThAdbF7EpmX+mnQTCxqBLaOKONehdDd3EFiRU:qnTh7Z8dhT/ThAdbF7EpmOmnQTCABLac
                                                                                                    MD5:BA516BD46A223E9A191724815D3A2B33
                                                                                                    SHA1:E4A089DE6C066E1443802C8AFB3C9396F9B445F5
                                                                                                    SHA-256:58C6E84B94C24B897DBDD9383E751204AFD7A81EDF56490B23786BE0463AB27D
                                                                                                    SHA-512:F7158EC2249A2BEAF3482C11B60455BE3A7E302DE0EA3EB06BE4AEC67CEF3AC1E51AA4B2260A68135F9EE81859964865A8C2BC29F9485A9BD3ECD991618BA7BA
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):73480
                                                                                                    Entropy (8bit):6.621787465475035
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:LX6b0hojOeAcQ68sFDsSc5XZVHqyw2SN6ugZh3ye5t7ieTgiwkBRcNlVhcgu4YsP:LXDvcQ68sFDsSc5XZVHqyw2SN6ugZh3U
                                                                                                    MD5:DFA69A0FB068880EB8581385B0CC931F
                                                                                                    SHA1:649CD829ECBA3E8A5452C4736554F8E4E00539C9
                                                                                                    SHA-256:73E6A69C9281CD6FA7F381418A0E298E41D9230C53072831D23EAEC90DDDBDBE
                                                                                                    SHA-512:6AAFC748F629AB30F7953A478FF333B7EF2A50FDB7AD23370FC1E68F83F375B1BA898A4C5F0E0A9ECC01908D3FBA975E6F18B6C877BCE7B7BE10B9DD6ED71A23
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):133384
                                                                                                    Entropy (8bit):6.659695945173276
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:q8elDztoo3BBIiF35NHwIWIoleG8uD5nfyQInif9nEFrTo6snI/b9RBmuMM/pn2t:gldoo3BBIiF35NHwIWIoleG8uD5nfyQ/
                                                                                                    MD5:9F8B28C825C5EA3AF117B028CCF6AFDA
                                                                                                    SHA1:1D81BCF0BBB4230E0A7D1E13F225998081619018
                                                                                                    SHA-256:5FEC22838AC829A83096A96A8FA89D3EDFD307C87F8A5678BD9051593D039D32
                                                                                                    SHA-512:0D3BCB86E4817CAB970CA7F42EEE596AD4AA7F5DA3E716AD526CEAAC310B3FD138467F679AE44AAAD12B1751C8D600EAD21EBCBD853F1A27AD53EE005D36FD0E
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):55048
                                                                                                    Entropy (8bit):6.647969337336512
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:sczAnApVDCdnyP13HrPKDS3jLWkUaueZieim:sczA4Cs1IS3jSkUaueXb
                                                                                                    MD5:9241CD320EB166D8A38C3C9D684269AD
                                                                                                    SHA1:E29473F42CA798809C9E248CCAEBDD22F6B503CF
                                                                                                    SHA-256:6150CBFBD79083CCCD4ABF16B4E3D34F9569A4CFBDDFB2D3F6F78D52E60C56BF
                                                                                                    SHA-512:08A288FAB51DF2D92498DD480F2C59D837CEB9F6E59C78E2E6E5D831183DB7CBCF2EB7B916BF30634C720E7C80C13FD5DB986C6028DFD96627E564F05065EFD1
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):33032
                                                                                                    Entropy (8bit):6.76872703893567
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:Clpnu320RxxYpp4SzbCemvi70OpehdDaOyjEFiRx7:ClpwfepOSzmemviIOpejyjei77
                                                                                                    MD5:7C22159F80238474341F97D07DE75BC2
                                                                                                    SHA1:191E7FCB55CE5815A29F1E6B03023B680C7F1105
                                                                                                    SHA-256:386FBFD9E16B516570BF7A2B954DBF33F615C4D88522FA3D2F4CAD0F8374FED7
                                                                                                    SHA-512:AEA78B3F8BE495895572F8D966D4D6835F1DC080E07C851E54FC1EC24D8E5F3E5FF184566FD0378F20750A72D5545E9A34E7A4AED0758319E495F8DD0097F944
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):55048
                                                                                                    Entropy (8bit):6.684308863925256
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:dYyzMiZk8T4PKVob+qUtqmI0EbSLzQ2r0OTeG3ei6+:nzMKnJI0EbSLzQ2rdTeHl+
                                                                                                    MD5:B6676EFEF406A85893285797D0C29505
                                                                                                    SHA1:1E06D71D68111FE53068328A3C3592945D936980
                                                                                                    SHA-256:E5F545947BEAE2FC479BF6A479F0EEAE6AFB8F22A87A0879F21F840AB8D6EA6E
                                                                                                    SHA-512:946B3B47E6E72D9F604C5979E6F0414C81A6F90D2730CA2E33180D7C7541C14F3CFF810BD6D4CAB81EF6A74CA6F3B1248DD9A81F285E06079A08F8ADA5C62EE1
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):32008
                                                                                                    Entropy (8bit):6.705333655137733
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:wa6YYahryRYSt5N2QhACw30YrchehdD3EFiRy:36uRyRYSt5N2QhVw30YrcheneiA
                                                                                                    MD5:8907F141EC176653CE0F3717D7987F0D
                                                                                                    SHA1:372074B52DD727194A6F7A0B849C9D8307EA2D74
                                                                                                    SHA-256:2A9838B50B8CF7AB375038E8992FED19C83781637EB39E3132C3F658E5D402EE
                                                                                                    SHA-512:1787FC7F43D5D6C4E59FA48C34C8DC2E62E5FFABA775063599E27B9DC660E984A556A533749AFB6EC88E3C1EF579D65711A96560571030F5AC0E05D7369BA9D3
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):124680
                                                                                                    Entropy (8bit):6.629752931582661
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:juJWvsPn4DRm47uweNi0B/I7Qluib9o0+P0hVR7207XDN9j87f12BCUoVNxPeZei:juJjNi0BAUbbVhX20E7f12BCUopPe4fK
                                                                                                    MD5:68F257BFC2DEC5DEA5BF2902F743EA69
                                                                                                    SHA1:B51898644728AD90AA25A232CF2EC9C9D55A8D71
                                                                                                    SHA-256:49CDA99EA272A1D21A2486E949FB72F05F38F17375D72E910441E410E2891F2B
                                                                                                    SHA-512:147B8A97126327F244F28CC5632E8CC2ADC8AE2DAE10A7BD6DCDA4DA65B5173AF4880CB65C5608080728EA14D7B2D190470708E16E231B0C56DB4AE0E1D0E349
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):58632
                                                                                                    Entropy (8bit):6.621120056612521
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:dIjye8QDPn77vmXjsmt7h8jPaCwSmAe0WNmlCaeIeif:dID8QDP7ssEvSmAFWNCCaevS
                                                                                                    MD5:CB29C90D7AAE07AEBF89DC9B8A13023D
                                                                                                    SHA1:60F703152AB63299CA455CCF5A0E9C53C3BC7226
                                                                                                    SHA-256:AC6D8B17FE188334F5FE7D7D4501DD834E18BBC60844DFFE5D49EC1120100C96
                                                                                                    SHA-512:08E0EA0BF66A22012C6C0A70ACDC0AFB435CDB2278A13CCB358BA0C45A79A45792C68A80AD8E51F322B5DCB5CE0A33FFF0D63CAA9E8D2C50191A3E1D9B5DDBDA
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):28936
                                                                                                    Entropy (8bit):6.727796379481628
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:5wTmuPtKeo1vAWrO2E+BCT1ehdD5EFiRO:5wTmDeo1vAWK2bBCT1epeiw
                                                                                                    MD5:B4A0222525AA3680A944824960380872
                                                                                                    SHA1:46EAF7D342A4511E81EFF6FBD4CAE0E68B682004
                                                                                                    SHA-256:7527B972EACE8B71E6480638B3B3ECA28F85630139A9596BB1FF4E548DEE5F24
                                                                                                    SHA-512:AEDFB7C84F688C97D39AA80239E5D527E63E4CC0C3F00B89D11D4BD5DC4E3405A0CA6402A790801C2060F56D186C410EFCB8FDF60A32FE68650EF9F5B392943D
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):37128
                                                                                                    Entropy (8bit):6.663610526025758
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:hJkGf5FPODkwCZJofawL6xsS0JrW6IPjhvmUtF9vqMRehdDPEFiR+:jkGfGuYLCKJrWPrheUL9vne/ei8
                                                                                                    MD5:6663AB60551D976D249678F9847CE570
                                                                                                    SHA1:7B0D8F5678B6EEEFCB399AE7BCF835B9EF9FDA40
                                                                                                    SHA-256:742FC10D7DD578CDA2681DC3815820CA13E10D1FCAACA6438AB7CF17FAC52D3D
                                                                                                    SHA-512:D159F419BA4F4618AC2A2B393D92714BC4BD87473FBA013ED76C623E8AE32C9F199DB75DB81216547BADCE9486595AA43C93CE3FAFD3D55C9326A356FC02BD2F
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):22940
                                                                                                    Entropy (8bit):6.032017157463409
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:iq/pQNjnJvRi6F47Myb4UeHiOqJkEbJCJHJtSjBeP/q0f5CWOxmgWZ1GjOJWXTYf:J/pSvx47My2HitJkE1SHJc4PyVWOxmD5
                                                                                                    MD5:DF414BC2D2943295BFC40521B774CAAD
                                                                                                    SHA1:A6C1ABF2125D92C955AC18E3C93FF6363583118C
                                                                                                    SHA-256:DFFFC4FE5826C089665F8B92B7519D184ECBFB000D49D2A24E51769E2D28A076
                                                                                                    SHA-512:D6EA29563B747A15921C43CD498CDBABD7EDDA29AE67988E3E552D2F9DA8DBA0073E12552165854A300CB67BEA90A62AB84789F78923AAA79BCAE54A9D716E4E
                                                                                                    Malicious:false
                                                                                                    Preview:Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External Basic Issuing CA 3B..Issuer: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA..Serial Number: 61:2c:ff:88:00:01:00:00:00:10..
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:Generic INItialization configuration [ScheduledUpdate]
                                                                                                    Category:dropped
                                                                                                    Size (bytes):211
                                                                                                    Entropy (8bit):4.617771016530702
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:k6EoLLwKq3b471bFLLwKq3IR7RJqUFLLwKqSkxCO/r5vyn:HDLEX3WhLEX3ID4cLEXtAOFyn
                                                                                                    MD5:3019BB65EBA7A06B65AA7925EAAF7E40
                                                                                                    SHA1:D136782AA2EE9029C74B2F577B1DB7347A141C19
                                                                                                    SHA-256:213443D0D3522F425B10FF3853D4C81F0615A7B9EF65D67E3F375EC4EBF0113E
                                                                                                    SHA-512:D76A9EECC27231D8425810EB1C99A4DDB2A41B592AF93F58D58124B053BFC9003939E57D98DEE5CCF178DA213D2E6FF3D4D311ADF9B36E2FDA21202293037485
                                                                                                    Malicious:false
                                                                                                    Preview:[Directories]..downloads_dir = ..\..\program_data\downloads..assets_repository_dir = ..\..\program_data\assets_repository..program_data_dir = ..\..\program_data....[ScheduledUpdate]..scheduled_frequency = 30....
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):36
                                                                                                    Entropy (8bit):4.326465890981193
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:k3WtMyUH/Dn:kN7H7n
                                                                                                    MD5:900C9A37AA17DC7DDBAAB099B3498AAC
                                                                                                    SHA1:967D5C0472E972BEDF2466E5F714F67C571578E7
                                                                                                    SHA-256:47C3223460EB379B126BA0579B1225722D8D7154F2D41733C44877EE22D86CFB
                                                                                                    SHA-512:297FC2FEE73AFEF3AA7FEB183F62D04355A261883C9A707F2173124AA8221EFE65927AAB14DE343203A18C6744814A6097322FAB2ACCC30A301150BC375A9ACB
                                                                                                    Malicious:false
                                                                                                    Preview:[Directories]..BinPath=./libs/api/..
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:Unicode text, UTF-8 text, with very long lines (2404), with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):141197
                                                                                                    Entropy (8bit):5.013409225713492
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:7DcSQy+yuZQ/OH/R9aJTtOyKFmc0OuEfIYHw9aJTnoERy:7ZQy+yuPKOPmc0OZfIWwn
                                                                                                    MD5:8AB74CAFB3151D7229D226D3E0E254AD
                                                                                                    SHA1:B50734768C0E6727CF621BAF0CA066DD57425C9A
                                                                                                    SHA-256:C4BC3C7B81A4DA8532222B1D20BCB66C56FF69D24DDF39083AAE91063D667DD7
                                                                                                    SHA-512:97675D09A98B6669DEBE4342F37AB0B26087EBB969D69838ACBD8C76AAACBB2A1F87883515EE4AC6B4E84E22558F61E6C30E82547A32E0B89E846A8E3766DB10
                                                                                                    Malicious:false
                                                                                                    Preview:Third Party licenses:..---------------------....Contents..--------....1. bbfreeze..2. bottle..3. Christian Heimes wincertstore..4. Curl and Libcurl..5. gevent-websocket..6. globalize..7. jquery..8. Microsoft MSDN Subscription..9. Microsoft Visual Studio 2008..10. Microsoft Windows 2000 Driver Development Kit (DDK)..11. mozbase..12. mustache.js..13. Python..14. python-dateutil..15. python-future..16. pywin32..17. Qt..18. requests..19. setuptools..20. virtualenv..21. Visual Studio Autogenerated Code..22. werkzeug......1. bbfreeze..--------------------------------------------------------------------------------..Copyright (c) 2017, Marcel Hellkamp.....bbfreeze contains a modified copy of modulegraph, which is distributed under..the MIT license and is copyrighted by Bob Ippolito.....bbfreeze contains a modified copy of getpath.c from the python distribution,..which is distributed under the python software foundation license version 2..and copyrighted by the python software foundation.....b
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:JSON data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1085
                                                                                                    Entropy (8bit):4.3513485013160516
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:1rDLqVKj16Pn8VKj5kVKGZrzHGo8oh2maWvHyUo/Lxsg3/PEovZqh8r0Ey:YKOgKaKYn/86Ba/LRcSM8jy
                                                                                                    MD5:ABD90527A422AFC5C956E806CA94CBDC
                                                                                                    SHA1:8F44EA3705B602917D7B5E9DE0943F63EA5DF2B1
                                                                                                    SHA-256:F722DF8F21FC9FAED68192C5E9528DEFB53BEDCF444396121760A4794BAC0BED
                                                                                                    SHA-512:2DF67750FF60EBD680DFD81A33EEFED25032FF0F62F783388FD53300525D3166BD893607735E80AD69039C17D7A6FB6D7A9F34E76F485DE91D8A8D3FD489B764
                                                                                                    Malicious:false
                                                                                                    Preview:{.. "version": 1,.. "formatters":.. {.. "precise":.. {.. "format": "%(asctime)s %(thread)-8d %(levelname)-8s %(name)-60s %(funcName)-30s %(message)s".. },.. "brief":.. {.. "format": "%(thread)-8d %(levelname)-8s %(module)-35s %(funcName)-30s %(message)s".. },.. "full":.. {.. "format": "%(asctime)s %(thread)-8d %(levelname)-8s %(process)-6d %(name)-60s %(funcName)-30s %(message)s".. }.... },.. "handlers":.. {.. "console":.. {.. "class": "logging.StreamHandler",.. "level": "DEBUG",.. "formatter": "brief".. },.. "file":.. {.. "class": "logging.handlers.RotatingFileHandler",.. "formatter": "full",.. "maxBytes": 1000000,.. "backupCount": 3.. }.. },.. "loggers":.. {.. "updtr":.. {.. "level": "DEBUG",.. "propagate": 0.. },.. "werkzeug":.. {.. "level": "WARNING",.. "pro
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):20232
                                                                                                    Entropy (8bit):6.54675890606349
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:8ghA/m6yj6pwKNsehdDjNDGoGCJEF8ZpHrqQBw:2GzehdD1EFiRmuw
                                                                                                    MD5:DEFEC16B7A70405695A76145D7914CC5
                                                                                                    SHA1:7CF60512B3826BD70BB67979115B2A38AB757924
                                                                                                    SHA-256:10E06FD5C07F4045CC479B77121A7D64FE2CCAB01EBD50B39B7D76C56834D173
                                                                                                    SHA-512:57079C315A550F9FB34728E35F725F05E31EBB7F4DA70EBC4D9593FD7EE18707484689E4DE86DB4B8D990EFB1F00E9061F22C83AE90A2AFBD80D7318376C2622
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):76040
                                                                                                    Entropy (8bit):4.3583997119742035
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:dlQgm4MByNmEjz5Dv1YUUL7ehdDpEFiRkyX1:dygmTByNmEjz5DtYUUfeZei+yX1
                                                                                                    MD5:A5C6915C6DD51827504FA854B4626C20
                                                                                                    SHA1:3242DFBE117838D9B20E7873A7EC92344CC6259D
                                                                                                    SHA-256:761A01CFCF85027F260B74A354B3CA95D3D3237F60257D4CB0E58AED5B8193D5
                                                                                                    SHA-512:00052D23853382235ECDA08BA4949E3BB12F617DA65D90E749C2A2133A201075D69E4FE7A7376D4AF0233040F153C390B04F26C3F80C9B965DB2FD5FF606C2ED
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):264968
                                                                                                    Entropy (8bit):5.895358413876768
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:7qh5o3bqhX2tF0U0L+p63nm2afbqGbFBh5aAryS1QPB96/hth4013LiDDKnFbDhs:Ysbq43vem2u5AShT4013LewFbnlpYXeq
                                                                                                    MD5:509968912E14A6A6C6BBB0D8B2AA41E3
                                                                                                    SHA1:6954F6EEF799761BFF6DEAF0CA2827FEF135FA96
                                                                                                    SHA-256:9441F4F2438C8CCA7619DF41B7B770006949AF0AFBF41D24CFBBF0750B6CFD15
                                                                                                    SHA-512:E43AC5A37E107294379FF227BBF46CFF3EA19F7B29A195BE7384C7F5BC0E6D7FEF57C27CD87207F8FE6379E6C1C403D17CF5FC5989C9A262A8545A6CFEBFC5BC
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:CSV text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2145
                                                                                                    Entropy (8bit):4.905611656026584
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:XvpUG+RFJT0s7KsYCjW9zMy4RxQLdn/XDIFg+8qlJ25IzgYKb:XvpUG+BAoYCqjaeJ/zIFg+8qn25IcDb
                                                                                                    MD5:4204D6A9D01151FAC8D50ED32EBD789A
                                                                                                    SHA1:992D18FB4563F5261DA93ECFE82BD60BD591843F
                                                                                                    SHA-256:124524102E9DCC3E3A78B2DD7413AA497B7B75BA2836AE9179BD9F775453E19F
                                                                                                    SHA-512:268B1AD76FF8E225C02224C09643C9306D4E1CF0E3D41B42D1D3CF45D78B7EBB82BE662D5D105F3A4835FC04A9EE81803F2B6F8BCA37F1815FE19F976914345E
                                                                                                    Malicious:false
                                                                                                    Preview:Acrobat_sl.exe,bg..acrord32.exe,fg..acrotray.exe,bg..AcSvc.exe,bg..AOLICON.exe,bg..AolTbServer.exe,bg..AOLTbServer.exe,fg..AppMonUtility.exe,bg..audiodg.exe,bg..AutoLaunchWLASU.exe,bg..BcmSqlStartupSvc.exe,bg..BESClient.exe,bg..BTStackServer.exe,bg..BTTray.exe,bg..ccApp.exe,bg..ccSvcHst.exe,bg..collsvc.exe,bg..Corel Paint Shop Pro.exe,fg..crysis.exe,fg..csrss.exe,bg..ctlcntr.exe,fg..devenv.exe,fg..dwm.exe,bg..ehmsas.exe,fg..ehtray.exe,fg..Etqw.exe,fg..EXCEL.EXE,fg..explorer.exe,fg..FlashUtil9d.exe,fg..FNPLicensingService.exe,bg..GameOverlayUI.exe,fg..Hl2.exe,fg..home.exe,fg..IAAnotif.exe,bg..IAANTmon.exe,bg..ICDESK.exe,bg..ieuser.exe,fg..IEXPLORE.exe,fg..Is3sp.exe,fg..Isbmgr.exe,bg..iviRegMgr.exe,bg..Iw3mp.exe,fg..jusched.exe,bg..LANUtil.exe,bg..LostPlanetDX10.exe,fg..LostPlanetDX9.exe,fg..lsass.exe,bg..lsm.exe,bg..mobsync.exe,bg..MSASCui.exe,bg..msworks.exe,fg..MyMemoryCenter.exe,fg..Napster.exe,fg..notepad.exe,fg..NSUService.exe,bg..OUTLOOK.exe,fg..PhotoshopElementsFileAgent.exe,bg..
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3038547
                                                                                                    Entropy (8bit):7.995615389726128
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:49152:/UYv3jlcBgNwWAwTo5rvNhSlntCQf8VJy/PEKXmjmLtWMsxNVVyEoyuS11p:/UYv3jWaBc5rvrShtNfoJyDmjmRDsHhz
                                                                                                    MD5:A1296CE3E82BDBA8D987E501E3658A47
                                                                                                    SHA1:9D79A58B67B4B8635AA542DD26EBC92C8E591234
                                                                                                    SHA-256:E3A1D56C1516DB96A7778B1E19BAE57003B1DF244564210F23556E65FF1FF37B
                                                                                                    SHA-512:F8B4AF2EB122594551352AF41F82F418DBEA1F836AFD261E80FACF602A06ACFADAC2A3EEB1B331D42D99548B7FB069FB9C93C5FC2D28C2E061B56806B93BDEBC
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:JSON data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):94100
                                                                                                    Entropy (8bit):5.498136427554891
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:L1nM9nP2nvsncuFgZb0TG67SOoq6X5N5D5gYpYp:lnq6X5N5D5gh
                                                                                                    MD5:70C849B3BA5EA101BD97188E3B421A95
                                                                                                    SHA1:93AA433CADB25FAB8A8A5CFF96DDD7169D42CB07
                                                                                                    SHA-256:8F697A78E2D7BCA4476B66B4FFAEFA3D46621CE1C78103B812B53DBF6649EDF6
                                                                                                    SHA-512:A3D9275F58D46E7948E8FF1714977B52D5F6162BE0CDF14FBD2FCEB3F160B5F1FDB21A7C40BD87EC2D33D9B618C2B826028090EFB63EB907A4676F48D123DB11
                                                                                                    Malicious:false
                                                                                                    Preview:{"SURVersion":"2.4.10577","event_log_collection":[{"name":"Intel_Installer","description":"Intel Installer Installation (1033) and uninstallation (1034) status","query":{"source":null,"query_string":"*[System[Provider[@Name='MsiInstaller'] and ((EventID=1033) or (EventID=1034))]] and *[EventData[Data and ((Data='Intel') or (Data='Intel Corporation'))]]","more_sources":["Application"]},"output":[{"key":"product_name","type":"string","xpath":"//Data[1]"},{"key":"product_version","type":"string","xpath":"//Data[2]"},{"key":"product_language","type":"string","xpath":"//Data[3]"},{"key":"installer_return_value","type":"string","xpath":"//Data[4]"},{"key":"manufacturer","type":"string","xpath":"//Data[5]"}]},{"name":"igcc-next-ui-event","description":"Intel Graphic Command Center Next UI events","query":{"source":null,"query_string":"(*[System[Provider[@Name='Intel-GFX-Info'] and (EventID=8087)]]) and (*[EventData/Data[@Name='Ver']=1]) and (*[EventData/Data[@Name='CId']=202])","more_sources"
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1626624
                                                                                                    Entropy (8bit):6.514625574823887
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:/qxPLobo1lzXSB1aWTvZrLQDu8mY70Mmzrk5Ngv9TEJ3xHf1aW1YLm89W2JFfhs:/qRCmJXSBimDMTkS3xHf1b1YLF
                                                                                                    MD5:E415F470B2557524BF900904F7B64A02
                                                                                                    SHA1:FCD9E7CD20102FE317BC6F534E666B9B6C49B8A9
                                                                                                    SHA-256:B7DFA963A09C21AE3EE7642416A168EEDBE690416C30C274E1666873117DF06D
                                                                                                    SHA-512:BDD902FD5F6C746D4DE35ACC67A8B7BBBACA43AFE9B06D2060ADC4DEE71570ABF5895829736323E42E5BA805CB93276CED157568F304747BD8A46B0A95BFC66F
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):11113
                                                                                                    Entropy (8bit):7.259709187516043
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:+FM3yFeJCNOL7yKnUi8rFWQF8olh+Il+jX01k9z3AevY57N:M0A4CFRBbEjR9zzvI7N
                                                                                                    MD5:4C8DA2A2CB7D869F319139A2F45D163B
                                                                                                    SHA1:B3313CCE1641373E303C650A1A1D5BDAE9AD6252
                                                                                                    SHA-256:F3A55EFEF76AB432ED24973DAD36116D7572AD717439E23B829E904638245C37
                                                                                                    SHA-512:04DD724CFE9E836053AAF1BE18DEEEC0E0E3D7EE8D665A10E76EAF39E7E28AE57378D7B03CF806A0A2EA8DF15F52F6D9D55C40BEE2499E20B490F610DEDB29E9
                                                                                                    Malicious:false
                                                                                                    Preview:0.+e..*.H........+V0.+R...1.0...`.H.e......0.....+.....7......0...0...+.....7.....w....(.F..%-4R....220809175614Z0...+.....7.....0...0....RB.9.1.2.3.0.F.7.B.5.C.7.6.C.6.6.F.E.7.5.5.9.5.6.D.7.1.B.A.2.4.9.B.E.F.F.C.A.7.8...1..70@..+.....7...1200...F.i.l.e........b.e.r.t.r.e.a.d.e.r...s.y.s...0@..+.....7...1200...O.S.A.t.t.r........2.:.6...0.,.2.:.1.0...0...0M..+.....7...1?0=0...+.....7...0...........0!0...+..........0...lf.uYV...I...x0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....RD.1.3.D.B.D.A.9.9.1.4.C.D.2.5.E.3.3.3.8.9.F.C.6.2.D.D.F.9.7.D.4.E.8.5.D.C.A.8.5...1../0@..+.....7...1200...F.i.l.e........b.e.r.t.r.e.a.d.e.r...i.n.f...0@..+.....7...1200...O.S.A.t.t.r........2.:.6...0.,.2.:.1.0...0...0E..+.....7...17050...+.....7.......0!0...+.........=...L.^38..-...].0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}........0...0J..+.....7....<0:.&.Q.u.a.l.i.f.i.c.a.t.i.o.n. .L.e.v.e.l...
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:Windows setup INFormation
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2357
                                                                                                    Entropy (8bit):5.392342502355359
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:RAiEo12NhqelOo57VGBIBbC8na5h9WnB6PNDwgNvYHAyj2a4Vo:eidsqDo5UR74qYkad
                                                                                                    MD5:461D311D15AC651FDB302FA836B1962F
                                                                                                    SHA1:D13DBDA9914CD25E33389FC62DDF97D4E85DCA85
                                                                                                    SHA-256:A27F0F9EBF2A8E1A394AF7F9A8459F912832ACDC6A0C5FD0122464E4858C7C86
                                                                                                    SHA-512:017E211FED07C4FA57AE569A0A3194A9768AEE2C013AD553751B55D5ABB63454FCC69303588852B5EAA4E1DF2DD5BB55A70296D23144A05D8753B8D160FE3352
                                                                                                    Malicious:false
                                                                                                    Preview:;..; bertreader.inf..;....[Version]..Signature="$WINDOWS NT$"..Class=BERTREADER..ClassGuid={bc930840-406a-4de0-a156-26a1e492bc9c}..Provider=%ManufacturerName%..CatalogFile=bertreader.cat..PnpLockdown=1..DriverVer = 07/03/2022,22.25.0.152....[DestinationDirs]..DefaultDestDir = 12..bertreader_Device_CoInstaller_CopyFiles = 11....; ================= Class section =====================....[SourceDisksNames]..1 = %DiskName%,,,""....[SourceDisksFiles]..bertreader.sys = 1,,..;.....[ClassInstall32]..Addreg=BertReaderClassReg....[BertReaderClassReg]..HKR,,,,%ClassName%....;*****************************************..; Install Section..;*****************************************....[Manufacturer]..%ManufacturerName%=Standard,NTamd64....[Standard.NTamd64]..%bertreader.DeviceDesc%=bertreader_Device, Root\bertreader....[bertreader_Device.NT]..CopyFiles=Drivers_Dir....[Drivers_Dir]..bertreader.sys....[bertreader_Device.NT.HW]..Addreg=DeviceSecurityReg....[DeviceSecurityReg]..HKR,,Security,,%SDDL_DEVO
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):44680
                                                                                                    Entropy (8bit):6.793582806994879
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:tHCpyImp/xaAS0qqtLDz1WfUfdPt8yiRpnjxlWF//dj9zl7n:tHURL90qWBHfdPt8yibn9lWZzl7
                                                                                                    MD5:27332C4D2D9B469399A66379D33FC1AC
                                                                                                    SHA1:7395903B16BAD6F9FB0E55FBF64C7E02BB3BD44A
                                                                                                    SHA-256:3D9D9922B92A00EAC17E765EE6E76CDD84D70A71FE107D9705BF4177B588A2BA
                                                                                                    SHA-512:0C7FD0D1AB24217861F1242C5AA06DF605C7B6E3354817B8BCCEF066FE27944D233A0B2E0477D42126C705830B205A51E27D2A683FC275BB5F28269F322114C4
                                                                                                    Malicious:true
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):408448
                                                                                                    Entropy (8bit):6.389380622179822
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:+hJuQAO0BqV3FC/IsKdUAaGpLBTdWiUJdpaUohjH1jeKtDkn0SYi:yonBkFC/IsKd1a69TUl9oRAAi
                                                                                                    MD5:FE1D8D9A9E5A34E4C981E181FCD6ADF8
                                                                                                    SHA1:6ABE6A895816776F4A0700AAB265C3730F1D4090
                                                                                                    SHA-256:1AE5A7106C5EE9D56536589BA6880969A64BD1AF67B43D9FCE4FA2BF80E834AF
                                                                                                    SHA-512:AC3CDB07D256BB7B3B96BBE70309F6D96E32EF0D6E8B98F0AC9D143B7B942BB5EC53836B22971876FBEE698C8EB98850116ED80199D52E74EDAF549B9321F2F8
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):995
                                                                                                    Entropy (8bit):5.063091240090689
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:1TaNLRTZ2qpRKfzVICUObGJpzZ+lzur2Dtr9wrM9rA1aqne:1TC5ZDpkfzGCUObG7t+lar2hr9wrM9rr
                                                                                                    MD5:51988E7D081960EE1A725B66F405A28C
                                                                                                    SHA1:33C65A9E10F37C6E6A0CC5B1E8181F68334974FC
                                                                                                    SHA-256:B4DB143CB425BC0A20F73A69500BA05566D6A128219785AC94A96F9F67452233
                                                                                                    SHA-512:7F2FFF0BB7CB9E8B2EFA4312A6C014B13D8C6876F1481C7251BF492E6EB84514E56642C0AD548FB0596C6E1F2C411E6A4B472114B58D75AB2F1FE32EA9FF5D22
                                                                                                    Malicious:false
                                                                                                    Preview:cpu_signature=0x6066.// Cannon Lake Y, U.cpu_signature=0x806e.// Coffee Lake U, Whiskey Lake U.cpu_signature=0x906e.// Coffee Lake S,H,E.cpu_signature=0x606a // Ice Lake SP LCC Package 1/2, SP HCC, SP XCC, SP XCC -NS, 80L XCC .cpu_signature=0x706e // Ice Lake U 4+2, UN 4+2, Y 4+2, YN 4+2, D HCC.cpu_signature=0x806c // Tiger Lake UK 4+2 Product, YK 4+2 Product, Tiger Lake Y 4+2 Product.cpu_signature=0x806d // Tiger Lake H 8+1 Product, Tiger Lake H 8+1 Product old, Tiger Lake HLP 8+1 Product, Tiger Lake S 8+1 Product, Tiger Lake S 8+1 Product old.cpu_signature=0x9067.// Alder Lake S, SBGA, .cpu_signature=0x906a.// Alder Lake P, PS, HSB, M, Raptor Lake PX, Meteor Lake M, Meteor Lake P.cpu_signature=0xa067.// Rocket Lake S.cpu_signature=0xb067.// Raptor Lake S, SBGA.cpu_signature=0xb06f.// Raptor Lake S.cpu_signature=0xb06a.// Raptor Lake P.cpu_signature=0xb06e.// Alder Lake N.cpu_signature=0xa06a.// Meteor Lake P, S, M.cpu_signature_stepping=0x806eb // Tiger Lake Z 4+2.
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):119560
                                                                                                    Entropy (8bit):5.9398124082900745
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:OI49NYrrEIG00JY8EaPa2a6ezzESSfaz4zXo2bZ5RRxRFfss1eqn:O1XYrrn70njeq
                                                                                                    MD5:B06AA9A531EB51E2578DD69BD940427A
                                                                                                    SHA1:98AFEECB4FB79C5B196FF7AC6F3A1E2EAC89117B
                                                                                                    SHA-256:45BD085FB56B8A623D72E8206D3488B25BAFF83EB42F3AACEE0B911D7C644D07
                                                                                                    SHA-512:B3A4B45B10E0DE2E761D59B77A6CDB3C215995DA81F886816ADA06880BCFF934876096EA3A4F89AB272E7DC8C5628EA4020C85D279C53231D7736B86DE6AB160
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1082632
                                                                                                    Entropy (8bit):6.424944248958161
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:Q1GPSrRhtcOLx5N/q+q8b6joEt7y/M7erBxKr5leTrvVaHVdGeoEsKw0NfkfHfft:Q1Yk/lb6joEAMCrBxKr5leTrvVaHVdG9
                                                                                                    MD5:FAFB7BACC95631D54E911F32990448A2
                                                                                                    SHA1:CE791C30CAC0ABB3FBF2D9575154B1518241293E
                                                                                                    SHA-256:D5C478B28391CED98A8A9B76D6B450502E5914F9E47E59B641CD71CD8DCFF3C0
                                                                                                    SHA-512:40A79998C110D460DDFA476F2FDCB8147FE119FD9D94828931F6C99728331CC7D8CA505DFF79FAFAEE995EAD332C481202476051286318B84947B3FE4FF2516F
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):511752
                                                                                                    Entropy (8bit):6.433027617788735
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:1RV+hnSugWgxl+1+OR1CwAeDu7RUJwZj18weewSwC8w/183dHB:zV+hSugTxl+1+OzCwAeDYRUJwZj18weH
                                                                                                    MD5:89797A1E0D7673F2D75DABB37605D8B5
                                                                                                    SHA1:FB80C2D7935FDFFCB108D75E6544EAF9DCC57C77
                                                                                                    SHA-256:DFD35F1ED7DD48BFEB28F722881FF95E44486BCE37221232EAE13B96F3A8EDB4
                                                                                                    SHA-512:5402FA8C1563DB4EBF5FABE924EFB39718138BDD719CACCE2C4B70FE6F9394DF97E2EE198318E5E0EB5409AC98B981F52CCA80F9DD146F332538EBE31AC9AE84
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):521480
                                                                                                    Entropy (8bit):6.427680367272837
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:sYDrdaVNVs7Dx/DhbYMQ1raP3m7rUJwZj18weewSwC8w/18GQY6:sYD4NG7Dx/dEZ1raP3grUJwZj18weewr
                                                                                                    MD5:4BD187F27472F5D7127EDE47DE56F55F
                                                                                                    SHA1:A128118017F91E1B678AF8E1CAA39D9B98B9FEF3
                                                                                                    SHA-256:87EA5680A5B0580504510580F86993D7509B6980ED0208B761F490AC3D2C188D
                                                                                                    SHA-512:679536D2321C41C425228B383E10CC06E59449F4F2BC8EFC5E3F5B51020421E96AE8E6AF05559D580B7F524D0A4D72092674CA9B1637E20ACE25B990CA5CDF66
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):25864
                                                                                                    Entropy (8bit):6.456099960661106
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:mbioi0UHfld3jotn9RZLDy8pwKNsehdDLQvdGoGCJEF8ZpHnSm9:+hU/3sBzZmpehdD2lEFiRn99
                                                                                                    MD5:D77C23AAC7355591B819360D6837BCFD
                                                                                                    SHA1:C56F6F412F6337CD3A62FD8B068A48B4CD2FCFB5
                                                                                                    SHA-256:3D78CAE258046BEC25D3042C3AD6BB60F2155E1E0C3A8706117BAC6D7A89852C
                                                                                                    SHA-512:550F2D29011DEDDA51BC831E6FB9770DCB79E0C0CA4E91654C22B40EA20504C597E690E341116160093D48B9DF8CD4B2B339957B2BAA7E5353B58C856D152454
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1144584
                                                                                                    Entropy (8bit):6.402217683627363
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:jm5h1wS2S6WdHqs+3A3zQJ6tyfRaXYG8KIsJj4T0LTfgakFtDAfbGGWnwIyougw3:jAaIzQJ6tyfRaXYG84Jj4TeTgakFtDAt
                                                                                                    MD5:8B700D6B731A6634BF45E53AC0DB5AA7
                                                                                                    SHA1:D023063C7658F0813566A7607E4096DE1B15ADD3
                                                                                                    SHA-256:BD66079D935C1A9C1ADAAF8741490E0A4A21129E6C75F7950306535630264F92
                                                                                                    SHA-512:51B3C2D26878A32B8FBB8FB97293D938D153B16765B161F00E8383F0C9A1F29FD37FDD1521751EBDB7E20E740E463C819EAFF189D37534D8A2926A56521ADE79
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):168712
                                                                                                    Entropy (8bit):6.265639386724887
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:G36HjlPeby8V0qGIzTe9cUIDsssNxsssPAkWV00W02R2222gR5cccccccccccccY:GUjlPebyChGKFWSjet
                                                                                                    MD5:C5E8D3A6F7781EF56212EE81C5F7BB2D
                                                                                                    SHA1:BBE0ED80E0907FC26FE6F15DB1B3043A91E55729
                                                                                                    SHA-256:687C8CC7418ED62877AB3613FAB48A32C7D5E7B6DC9D6A214739FC854451A9DB
                                                                                                    SHA-512:90C357B3CA1D451E3F451EE17915B6A432107B2A821A89A62F034552C03E005419F228C245997BE421BB6678E77274A7A7E3CF75C54BD06F5AF2A67A3D540C5A
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:ASCII text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):5695
                                                                                                    Entropy (8bit):4.8455243892912545
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:TSybmLL6ze5/1Erf2z2kR2XSISyNmLLIzY5/1Erf2f28+RAPYvpdZv7bd7vO9Njx:D6LA1ruyK2XSQ0L+Xruu88APYvpdZv7e
                                                                                                    MD5:E2F0F95FC5D0D6222500B49333A25635
                                                                                                    SHA1:47318005B5D6378427F39713B61138994D72D43B
                                                                                                    SHA-256:584232BB9F8A7DF98B787173538494CFF797B74A350C63F968B8C45E963C1819
                                                                                                    SHA-512:0227E9F548E4FFB800CE6C3B81DBFDBC41DD540E28889A8372A7AF4AE54076286EBFFA813AF88040B34EA1BEDEEAB6DCE16696382AA2D3F69268279E64988739
                                                                                                    Malicious:false
                                                                                                    Preview:<Session>. SessionName=CAPISession. // a real-time session runs within its own thread; a session can host one or multiple ETW providers. EtwBufferSizeRecommendedKB=8 // 0 to let ETW decide. EtwMaximumBuffersRecommended=100 // 0 to let ETW decide. LoggerQueueCapacity=0 // max live queue capacity. ParsingWorkersCount=0 // number of parellel ETW event parsing workers; default: 0. ParsingQueueCapacity=0 // maximum number of ETW events pending in the parsing queue to be parsed; default 0 means no limit. LoggingSpeedup=No // use speed-up mechanism for logging pre-configured event data. OverrideExistingSession=Yes // whether to overwrite existing ETW session with the same name; default: Yes. EnablePropsAutoDiscovery=No // Whether to enable auto-discovery of properties/keys of the specified ETW events. LogEventsToEtlOnly=Yes // whether to log events to etl file only without parsing/logging to sqlite
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:DOS batch file, ASCII text, with very long lines (1006), with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):95002
                                                                                                    Entropy (8bit):5.165349551731283
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:oiqHq4BednSBoE2KMTImYXo1PZASIzQsF60ZJKIGJKNRwt7KxhQkqQxInLrA8J5N:0mYXo1I6yHpPer
                                                                                                    MD5:64644ED0FEF5DED2FDC74DE4CE93316C
                                                                                                    SHA1:BF408F98D4AE8F8B93ED611C514F82DCC8071743
                                                                                                    SHA-256:07BC6737F5488E2447E6E087D8E2D0E0A545528CA9AB462DE47FB5A876B6C09B
                                                                                                    SHA-512:802EAB341DA551C6661177236D1D0A90FC7A56772FDCCAE967AA2554484303F6FBED3A84EBF8F5C2469E0B7F6BA945091DDAF412A62B1B185D0A2AF50B3C7C07
                                                                                                    Malicious:false
                                                                                                    Preview:@echo off..setlocal enableextensions..setlocal enabledelayedexpansion..%SystemRoot%\System32\chcp.com 437 > NUL 2>&1....rem //-------------------------------------------------------------------------..rem // ATTENTION: must be run from BIN_FOLDER! This will be checked...rem //-------------------------------------------------------------------------....rem //-------------------------------------------------------------------------..rem // Configurations...rem //-------------------------------------------------------------------------....rem //-------------------------------------------------------------------------..rem // Install mode...rem //-------------------------------------------------------------------------..set INSTALL_DISABLED=NO....rem //-------------------------------------------------------------------------..rem // Debug & execution settings...rem //-------------------------------------------------------------------------..set DEBUG=YES..set EXECUTE=YES..set /A COMMANDS_C
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):256264
                                                                                                    Entropy (8bit):6.295762430392763
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:7s6ryPjYTMityGIIzkEGir0ZHHrCnd2T2lwOEsKPGuWKzvvMvvvvvvvRRvvvva95:7M70ty2kcQeEs+nYNBLMeG
                                                                                                    MD5:9F182AA0A638E9A9F9B5DF313DF3248A
                                                                                                    SHA1:96F19F6444B199F90D07D17721AAD5C750D2677C
                                                                                                    SHA-256:D06857DB54A2F2278E7B90B58486867E0CD54B44C2D7D246A6113E4F79DF8526
                                                                                                    SHA-512:C5BEAF8399BC77B42FE1E1CB505892F15D8BDEEC01F683073B11C6CD27000C61E64422E16794A4B26C0B1D960AA8DFCFD558D2820E4CB3459DBA8FF50AFEFD86
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):399624
                                                                                                    Entropy (8bit):5.716798827813645
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:9I4PhB9D8zsVZ0QtqhPLoFppKccIosyjojAezrAQxiyAUUS7ARqw+LVk3hSXlllB:9HRozsVOQtTmsy0j5zs8dV6er
                                                                                                    MD5:5B8FC4A2DA657D493B8A7EA9B37B42B0
                                                                                                    SHA1:A3DB034A256E3859B17717982F0940AD162F9846
                                                                                                    SHA-256:253AD684170B543270B9E0E3562B73C2ABCD7C0F81CE93A05EC2219BAA27BA22
                                                                                                    SHA-512:20149DC9DE93147C4254A471AA010FC298AF4AE7EEC636505EDCCD58BF02B333E5DE94BEE2EC60E37E5AD60E25F6BE7ABA27631C830B557F39024E9C86D31F04
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):269576
                                                                                                    Entropy (8bit):6.280195575772646
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:spxUsIuaRoP07cRB8P+jcxLCafHOr4wW7No69hK5j9t1Lt3+vTKlnZvVwJKyJK7F:spx/aRowLCa5No69MjFR5pqeMc
                                                                                                    MD5:4CB31A6CB8F1C2FEDAE4205DE719E502
                                                                                                    SHA1:091E053D31148E8FD4025E561749B9851A9520B6
                                                                                                    SHA-256:8C6C8B62D569BCBE3D92358D81ED62174C82961CFF6898018A2AE24D55F6E4F4
                                                                                                    SHA-512:10D4295A1BB8A2CDAB0B7BD62E337AB17BF89771C516F584B2F784EBA9B9C3CB5F53810F66F3451841901FEC40F073CD3005265BDE8797E1EC77D99C7EE2A4D5
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):241928
                                                                                                    Entropy (8bit):6.276268972207339
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:147/QLNEF/YO54685ppm26xC+Vb1BMgAeejliDtee10HbqvnRCMRxccccccccccJ:14cLNEFwO54H5pdJjoDmC7sOLey
                                                                                                    MD5:662689900BFE008C82B178371AC3C00B
                                                                                                    SHA1:0162AF83C252EC1D2871586EDF28E2081E63A0FB
                                                                                                    SHA-256:912DD82EE7380D404C2B2D20AA8B6DAD3643BD12778C748DA9D5480B5A6E5C7E
                                                                                                    SHA-512:500D7091B795DF84D6BB25C73E6BB57BA198EEBCC74D0FD13FBA74A5A0690E80EF65AF5C0FB6C00716380D52DC67AA75BC08B300436AC64ED991500158040A8E
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):273672
                                                                                                    Entropy (8bit):6.276389880739214
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:a4h2mw+wtBgI+4LaE+pfsXgAuYTwNIyDldGm1MBL6gGUhia2NN8N1N04NNNNNeNj:ajtBgIIsXim2MLYRfY1eR
                                                                                                    MD5:23891C2D988D2362DF0E345A8B47476B
                                                                                                    SHA1:91CC8E66A40FF8CDE225A2CD9F5322D360333DED
                                                                                                    SHA-256:AFA11B2D268EDA97E7C66275656AA6B8DC553315A63825805CCA5D4A3019DF3D
                                                                                                    SHA-512:7C85F409A39257F4B3AE446CBA41C4A292424412A53D2204C8CE5F6CD9402851E2FE2CC36D37690B5598711B7BB3B25075401F767B7507F3C75F77A279EEA377
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):239880
                                                                                                    Entropy (8bit):6.26444473169857
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:NTeYoVj/sNArIKx0Fp2jp+uep+WZxGGGGpGGGGGwNYGGGGGGGGGGGGGMGkk2bDRV:NGVj/ru+mARXMFeXH
                                                                                                    MD5:5328228E0CDC5C9D21BEE9BA4B61A371
                                                                                                    SHA1:ADC064D60A4B52291FCE4EA9D26B7B65C4AE6379
                                                                                                    SHA-256:936A8BDDEBCAE42BCAB57A9EC5DE6DC14A404501CFB3C351728D21A941037BDC
                                                                                                    SHA-512:725B2551E40274AF2D40F6B0C115F2FB47C0D4E0F383E692786B6695B2A58BFC24B0BE49EA91AEA2EDEEB8A1C494EE9901492897F3653C3E48F8F4020D197A4E
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):483592
                                                                                                    Entropy (8bit):6.144926407704706
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:YBEEWM1UhOHWXNRcDfjdYXySvN/CjtjWJBqAeeq:YBEG0OkKjdYXySk6qAvq
                                                                                                    MD5:700CF6A591C5FED4B52C064317825321
                                                                                                    SHA1:EF359A9B0F870557FAA2566D7E88D19FC9ADB9A6
                                                                                                    SHA-256:3C04E73A8D985368DBEC4CC4FF16A6D49EDA23CBD402C1E7AD4A809E61C6039C
                                                                                                    SHA-512:E1C3BA6FE86A9C464B3110CD232FD8D694E7C26512CA3BE11FED7734ACEA5940D5EA7843DBFA6A9EAC2E50E093916E0F9A061B17F3B8B714EF752A9DDB4753EB
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):251656
                                                                                                    Entropy (8bit):6.28940064699354
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:BIBDBGfBMh6NTsts9NpAQFfFXXHKG0BC/qKVuhyuTGGGJJHHXHEHCpa27AkRxccO:BCBGfBMh6NTYizCC/qKEaRgFRUeD
                                                                                                    MD5:FE1D09C20CE465615B9C5102E3093BFB
                                                                                                    SHA1:B55EA78E01F1BC8531B09FB439E7261F68F4ACA9
                                                                                                    SHA-256:57BE641B84D338A990C00244CD84E3B26C1F3C96AC69A991AB377B346D0F7043
                                                                                                    SHA-512:D437C195C94FECDF4815BC1609C000F134ED60F7DBCE49A4CD5F16A0E891BB2EE0E91D68448C0301C98C695D26808CF6CACD0CF078887718E7ED78F7240BA55B
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):390408
                                                                                                    Entropy (8bit):6.332430436550022
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:WvvWEgPvu+kL+4VQQWMuqASdxGnjRBoe6:6Wh37kL+4Wh+AaaRBN6
                                                                                                    MD5:FF27BED0F7656BCB8EA6D392521047F2
                                                                                                    SHA1:E6F9AB02CCC685C1FFC7D0DAC86118C32EB26C06
                                                                                                    SHA-256:B4E37CF3F32C398EADBB1C01C624FA519F28113378E7E016B3049FB2544A6ED4
                                                                                                    SHA-512:E098205956F65537371A29AAE12506E83544DBDE635DAF4A4047DFBBB013E55453245DFCFB5C942D462BFCC9BCAF1C31E8E408BAA12113778225EF6FE14E501F
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):81672
                                                                                                    Entropy (8bit):5.617895597237877
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:nEucRPE1eJAB863GttTHJszDz4zOxRRxRssqe9ei5q:nEucRfJABT3GttTHJszDz4zOxRRxRssM
                                                                                                    MD5:60CDEB4899293F5EFE8955A1156B2AF1
                                                                                                    SHA1:514AE76FD7C2C1059F6B03E94CD9BD09097DC737
                                                                                                    SHA-256:F915088BEE7BDD608A8765CE6A9AB5669AC47459E1A11C5EF0926030E14658C3
                                                                                                    SHA-512:22028BDF88996066C3F15E0946ED808B3448F6699C598CBB00CA24AA2154DE559595DE0994EE9F16D5CE6575C8497A7F9189BB2F6CB911A5E14FDB1AA984E266
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):678664
                                                                                                    Entropy (8bit):5.894030517449503
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:gl1rjUtf9yGkptwujoy4Jphr+4pnlMaFR4SiE+64Des:grjUh9KpLjo/r+qltL+6Bs
                                                                                                    MD5:C9B698FFEDF42A0D5FC15C2F513831AC
                                                                                                    SHA1:6A8B28197632FB424955B70FAED57CED8758968E
                                                                                                    SHA-256:20D2F723B2D84B68449DE9906B9F7DA3D4CCB29198952D95018EE403492674A0
                                                                                                    SHA-512:1F182B0F9BA83D6FBD418FF4454FA1BC7705DA46AD0EA3500B098C4F375FCDEA80544388A08BC95FFC45FF7EE4289B9F2FE0D7E6B2F53399B98B9848FD9D9E8D
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2556680
                                                                                                    Entropy (8bit):5.0942808392072685
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:bxBzqOn/c4Z1PN2cct5SatyY+wtAqH1p1D+ZEhLoy1KTkdtnkc0:bxBzqOn/c4Z1cFt5SatyYbVp0ZuogsD
                                                                                                    MD5:A6AA1CEE74CF37D66F7971A12799CACF
                                                                                                    SHA1:E74DEA6E3EE0DEB7C4132FE5CCD2AE9EF6DBF69C
                                                                                                    SHA-256:C7C0C544D57FC6D81EC863A0D9E5C4DD1CA072504093CDD5B8D0E5D8628D4F43
                                                                                                    SHA-512:2311C9EC5DD3B61FA7ADF2EC4D837BF3ADD5C8628250CD491D9196A440283322117E147FF925D4CCD60E43F62F0647865080A55576B44CFE3E67AEEBA8B8CCDA
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):596232
                                                                                                    Entropy (8bit):6.299907225163039
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:YPWZCCrARfpBzLN2hfqLw0p1h+isErQKB3ec:X6RfLzLN2hCLw0jgisuQKBuc
                                                                                                    MD5:35E08C9FBB15035B99F5D6EC43A6A740
                                                                                                    SHA1:CAF7B8D21ACE1FAFA772DA9332EE1BF617754652
                                                                                                    SHA-256:48CB0561E22E334BF4F143095BCBA8DE9E80C329BA0A999F9F0EF6EE02EA7A80
                                                                                                    SHA-512:D14D17F8981593C4C14BF02287B234133669A39C47760BCF70BBB541E6026EEE5463F76FEBE2CA38D868FC268116FCA97CA2BF433DC16FF2F6116C964BD6F5CE
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):225032
                                                                                                    Entropy (8bit):6.222179048387326
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:ibjh6AYjRbUxfj1/jITaiRTt4gq3BruDZK1z7x6////////en/////////Nt5t/1:ix9YNijIfB0zXwmeA
                                                                                                    MD5:6D3C85DC1F4AEFABFE5A1E13CE38DCC6
                                                                                                    SHA1:0595238A512645DDF2237408063F45A011FCF826
                                                                                                    SHA-256:D05E6B49922968648CE1E62E55E19FBDB038C7E3E86673FD92DED7998A84EA72
                                                                                                    SHA-512:03AF0E690F4FE9E047DF8FEF04EF63ACA92C729B171375B19810B47A026F956D49AEB107B0B17E41AD5189AFACA5F4E39EAE0F20E890BEB0904DB218B553FA63
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):364808
                                                                                                    Entropy (8bit):5.958806741929314
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:/knak715+8l8lZQztQthfpxhHFm0q6ePe1EoYl3zTB4YOfbsmBRmYk5AHeUjJ60R:/Ca+1bl8lCzt6hfpTH476hBnWKwen
                                                                                                    MD5:45E7D4010109F38D2747C496C66C2B6A
                                                                                                    SHA1:AF56501B772A04ED51DDD55E5CF9C6512C4086CA
                                                                                                    SHA-256:EBB325C6D00BA55D71B9FC3C0CD69ADA4E0EF6C80B3A63AF737A66DC0798DF21
                                                                                                    SHA-512:DD60F88701C64E9F480C15B214912422CE77E8765BB60443EB55B31DEF4E106AB4B267133DDF0B73B5310F8EFF70D1E241870FF5EB6C0F3299352980FAD835C7
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):270600
                                                                                                    Entropy (8bit):6.301637144442786
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:dn2ZqblLj1IsfdboYaSXRpKOmDBncjfJCOTGm/PrZ6eBLS49Q2cQnK1ARZD3FrVj:dvblLj1IWz7KOmDWZQZh8Ge5
                                                                                                    MD5:525346D7B1DA797C45B1840852455CF9
                                                                                                    SHA1:909C35F36ABADB13BC8873191D1D253BC01C7408
                                                                                                    SHA-256:3FBAB0C310D061F7DA808BD9BFF2CE63F82D116E6AAE03E354D2AE691FA37667
                                                                                                    SHA-512:EF2795B90422B72D267280F12CD8D101E452C432307B888955D5D0CB00D4D50344F07640F1F26F012716E18125160B3BD007CDCEC86A3A6BB54CAD81C861E6A9
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):22280
                                                                                                    Entropy (8bit):6.5744860053038625
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:iQJ1r55vjDpwKNsehdDWR8GoGCJEF8ZpHVB2Q:iWN10ehdDBEFiRiQ
                                                                                                    MD5:62426B32B301CFA180385C07A912318A
                                                                                                    SHA1:832335AE585D6762C6EA75221876E9E04F9AEB88
                                                                                                    SHA-256:5B5BD840892D3633EF66DF6FE355DE330191599A1D47D1C7A42D254BFD8CD374
                                                                                                    SHA-512:F159FF5E3649159A2BADA1A1E9A15D81D0A900AAF630283834D847E505B58D1C7A981C66F327ABFBF71C52C31D103473B76CD9F41DFA256F88613B39AAC51028
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):226056
                                                                                                    Entropy (8bit):6.261474415995603
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:DlLTR+7XrwUIq7JYBw6tFn3sau1P6Pa7AkRxcccccccccYCB3cRa1aaRa1aooESU:NTarnXHVRKYveE
                                                                                                    MD5:1D4D5AFB2A11244A52F8F38A9EEE114B
                                                                                                    SHA1:994DFB5757312FEDDA7D0AA6A63A63BA17035C14
                                                                                                    SHA-256:600382AE20EF94630DA28BC1B57FA41F3757934733E81BD4D4685AF3C3CAAB8B
                                                                                                    SHA-512:67B746912F83E1049D8B1A61F089601235BE3E84152F30F5772A153FCEE9F24472FD6BD9A293B3581C31D0484DCD61C96141EBBA83E4D766340906D3CBF4A85F
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):220424
                                                                                                    Entropy (8bit):6.2695136002527025
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:rBrEjuZF7h++uzwJ3jsfXV47uHnev4xrIADRxcccccccccaccccccGCF1aRa1aaE:rZlXh+X9xbRr2s2ei
                                                                                                    MD5:44641B36688F946DD1FA606749C4AC47
                                                                                                    SHA1:009F80B048D46C19245AFFC583BF8FC4990A23A5
                                                                                                    SHA-256:BC170F37292D124E7CBD294CC9113E549D9DB07506A1BA45EE04B8A11341ACAC
                                                                                                    SHA-512:AA15F2560B4C621B437B1C82F632024BFEC822262417AD35AB878E3C26330512884DCCEE4A93E3860978BB31346C875E44E307A3489C32678508BB4D259AA88F
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):248072
                                                                                                    Entropy (8bit):6.202020599878999
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:t1e7WJkf9tzrHBTZh5OuZHE7OCwXeYpJ2tu/t/z///ZPI8c9cc//M8kKfH6cccch:tY7ZjlFXeYbzek
                                                                                                    MD5:CF636AF19E61A2F682277945CFB7C9A9
                                                                                                    SHA1:268CE4EC20C213282AB1FC575709B0503B5832B0
                                                                                                    SHA-256:7807E6C026F2A85E8205099A4D83F878B4C7D9E6F4266884C09370DC87C6AC1A
                                                                                                    SHA-512:4FB899F55E00E51702174EAB99906D63B0E903F745002086873A1DEC1BC4734CE9F961908C05E23B52EEB2F1C374865B8944511EDEB5CF2C7170601FCD2C53D9
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6088456
                                                                                                    Entropy (8bit):6.078697480053801
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:98304:hn+Fg06HYhKVUolwLP3Z1CPwDvt3uF+DCtD:lig06HIKVUolwLvZ1CPwDvt3uF+DCR
                                                                                                    MD5:B08B686FFABE27D73E168E7306A04D37
                                                                                                    SHA1:9378871C96CDE652431A5A5010A1B041A9CA1FA8
                                                                                                    SHA-256:5CA43C884094174D1F6D4229FA5761C1DD8E44DF2EC49084748BCE62AC586567
                                                                                                    SHA-512:3F07073A5BF247FF236FBCB53357EF190F8E0FC5EC4974E009471B0B1A5E5FD83CF9BC0B0739245B7A3DB0CF5B4ED99C356D62D073DDB2519AF2DB13E6B97D5E
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):229640
                                                                                                    Entropy (8bit):6.304699510068925
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:AGe0Dm3e4qdT9icbTJT2ej9bk0kVfP6vvaHA28RhhPOOASK1F4glgX6YdlMDnv5q:AgmuJdXx96fskkeCH
                                                                                                    MD5:BEEC0F415A7F0D82285AD13613D629DA
                                                                                                    SHA1:ED35BB19D3D310282707F857054A3A67FA0AD4AD
                                                                                                    SHA-256:AC9C5C558CDDB3A5617E5BBE4207706D28D6071D322FA6DC0BA8CBF3C81E79E3
                                                                                                    SHA-512:1142995D90D655BC493E033214E66C8E53173C96E7952A51A0614B7C7D41EB694248A6B767401DE691D4634637CE1B3E2E24A482734EDBBB5A8FE5EF76142F53
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):178
                                                                                                    Entropy (8bit):4.422531119173795
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:MQTgLqNrEnP24M0MPktFEPzWL9bA8VoiFLxW:pgL7m7PYFEP6q8CB
                                                                                                    MD5:CE2FD881F8F772189AAA8217D4C1C10A
                                                                                                    SHA1:9AF8564B0FC89B3C3D18E8310E425A0AE3FA858D
                                                                                                    SHA-256:92CBCFF73CCD6FC6DC728EF09FD0122C8EF4F0EE27FD89A70FF646E41F230D83
                                                                                                    SHA-512:D6579AFEF64A0C455CDB1F45D03395DD82B5A459E9CAFDF2D25CA58135DB3B6C0BA7842B472E79D9E175C4B8451809F4A4AF0194EA3D68895EE2409CCFA0CA42
                                                                                                    Malicious:false
                                                                                                    Preview:sampleinterval=10000..processETWstats=yes..diskETWstats=yes..memoryETWstats=yes..networkETWstats=yes..ETWtrace=yes..overrideETWsession=yes..topNprocesssamples=10..highcpuutil=yes
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):36616
                                                                                                    Entropy (8bit):6.4383510865381615
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:FzsSu+dFIxMKaASGq6J5H6xaHehdDxEFiRY:mR+9Kn1Jl6xwehei2
                                                                                                    MD5:BE21F9C0B33E61C1DC8930CF0AC015E7
                                                                                                    SHA1:09CD006D669707D27839186F8A3C160A85DC645E
                                                                                                    SHA-256:73660197396F7B0B8A3C11DEE284FCD5CEBEB89553BF7FF60422E9B1637F6E14
                                                                                                    SHA-512:2777C3BBA5051CDA4B7023C35CCA9328B6D88293B59F98397C1AFD3A10BF82193171B024A2DBDD71ACE9F749EAEE75881220D4BEF6AC77917EE7D7E4865417CE
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):62216
                                                                                                    Entropy (8bit):6.109790741833651
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:8xHQWztGUCtnRfrePusKFwt6xUsTGWMpgZuK06QlhP2kg/JWCPgHQaJsvHgXXuSF:8xH2tnRwtZUQr2BJuDz9drqlkeseiaA
                                                                                                    MD5:23FC04B65C62BF160F52250E4B8F28D9
                                                                                                    SHA1:A349AD62734AF37A3A10EB7AAF31B3EDC6AA175B
                                                                                                    SHA-256:9A5FFBAC75AED53CF42CFA239E35795B0DB1829F4954AB0DB7347329D770F8BC
                                                                                                    SHA-512:F498107DD82C205F791A11948E2DEE179DC8FE3362CEE40DF2A394FBCD5624782B356362A2CEF78F4AA50A5812F16B046390B5320B2769923F0FB1B5EB61DFFC
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):11150
                                                                                                    Entropy (8bit):7.283284626349284
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:OMUoGOvjyrWjJCmOL7yKnUi8rFWQFm7f+y50Nr7OxX01k9z3AzskXVXqrfn:OKJvv4CFRk7my50ZSxR9zusku
                                                                                                    MD5:30EF631B5F1AD4B5893BB5243E0D4C4E
                                                                                                    SHA1:C4419428B53E6B32F81282F20F8CD0ED496494A6
                                                                                                    SHA-256:7C3C3B345C52AA569A3F377B3CB7A858C93B66635C089E0F554D4CDBF545CBC9
                                                                                                    SHA-512:8C0C5CEE4529DB0E2D18D02F1D3E5C41B3849EB4F2B98B89C4A4C711290DC344429F5474C02C6A19B7A22218BBC6026FD21C8DC3A4F1C17918509D13C00043AB
                                                                                                    Malicious:false
                                                                                                    Preview:0.+...*.H........+{0.+w...1.0...`.H.e......0..A..+.....7.....20...0...+.....7.....`M.-A..H..5^'p....220809175113Z0...+.....7.....0..p0.... ..:<.(.(_.m.(...?..,..../E.C.d[1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0B..+.....7...1402...F.i.l.e....... s.e.m.a.v.6.m.s.r.6.4...i.n.f...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... ..:<.(.(_.m.(...?..,..../E.C.d[0....;...'.c..YB....E.iy1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0B..+.....7...1402...F.i.l.e....... s.e.m.a.v.6.m.s.r.6.4...i.n.f...0.... ...n.'..v.g.-xz*(.|.F..J.O....#1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0B..+.....7...1402...F.i.l.e....... s.e.m.a.v.6.m.s.r.6.4...s.y.s...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... ...n.'..v.g.-xz*(.|.F..J.O....#0......D7Zq..y..W....=..1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0B..+.....7...1402...F.i.l.e....... s.e.m.a.v.6.m.s.r.6
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:Windows setup INFormation
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2194
                                                                                                    Entropy (8bit):5.415461243479411
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:RlBHWXrNcDjiods4CGobBNpSyjaMNnzRZB96KUmlAfMOjHNG4oa:poNMRsfGkSyj3DjAUOn
                                                                                                    MD5:70E18044ED3D82188B89F728528FC40C
                                                                                                    SHA1:3BC8169D27BB63F9CD5942D1B11EF5A945966979
                                                                                                    SHA-256:1C063A3CDD88281D285FEA6D9028BF0ADE3FF59E2CA0BF80012F450C4317645B
                                                                                                    SHA-512:41274EDF40424BDF11A94C531A8DAA8428A7A1D070BC4DA98DCCBABAE9A410A23D0C3609DB28ADAFEDF60662BFD242AC776AEA60C4CFF0D12D1411BE1B3D5AF2
                                                                                                    Malicious:false
                                                                                                    Preview:[Version]..PnpLockdown=1..Signature=$WINDOWS NT$..Class=%SAMPLECLASS%..ClassGuid={7B40B6C5-A603-40CA-88BD-D8248E55D370}..Provider=%MFGNAME%..DriverVer = 06/06/2022,2.4.2.8..CatalogFile=semav6msr64.cat..DriverPackageType=PlugAndPlay....[ClassInstall32]..Addreg=SEMADriverDeviceClassReg....[SEMADriverDeviceClassReg]..HKR,,,0,%SAMPLECLASS%..HKR,,Icon,,-5....[DestinationDirs]..DefaultDestDir=10,System32\Drivers ;Drivers directory..SEMADriverDeviceCoInstallerCopyFiles = 11 ; System directory....[SourceDisksNames]..1=%INSTDISK%,,,....[SourceDisksFiles]..semav6msr64.sys=1..WdfCoinstaller01009.dll=1 ; make sure the number matches with SourceDisksNames....[Manufacturer]..%MFGNAME%=DeviceList,NTamd64....;[DeviceList]..;%DESCRIPTION%=DriverInstall, ROOT\SEMAHWID....[DeviceList.NTamd64]..%DESCRIPTION%=DriverInstall, ROOT\SEMAHWID......;-------------- Driver installation..[DriverInstall.NT]..CopyFiles=DriverCopyFiles..;LogConfig = LogConfig_Device....;[LogConfig_Device]..;ConfigPriority=NORMAL..;IRQ
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):47240
                                                                                                    Entropy (8bit):6.764388916875618
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:Vi4vmZoK1QaD4cTM+lU8KGuafVD/0wupGU1KLziYtPtAC92yiRm4cnnLYj/9zt:V7n3alleAVD/LPtACsyiYfn8Zzt
                                                                                                    MD5:0A430B184878A92E6C94E1B6A7F217B3
                                                                                                    SHA1:1B17E03BBCCC709A1A4CB3210FF1880330CD7E79
                                                                                                    SHA-256:01CBBF324E77BA9947FC28BD9E1A624BE29CFEB1ACE5FD03C605D609BA823641
                                                                                                    SHA-512:6CA4EF1CED1537655D469F7F6D2572C234DA70795FE4FEE620DEAA6AB64299D6C03D56BFE671648448258642E9A20EBAE54CF258031E3B2823FC544A3A1ED2D7
                                                                                                    Malicious:true
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):872712
                                                                                                    Entropy (8bit):6.088257169555879
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:zMMAY0Pdm/4NKh1ob2s9y07IXQ89Jq4hwa:zMvYa44NKO2s9Ju97wa
                                                                                                    MD5:ECCF729EDE8B322D4A6C60BD00535223
                                                                                                    SHA1:B8A0CAF364CC2137DC55C2E9088C2B55D1D2AF98
                                                                                                    SHA-256:C22FB18156F055B52D65F4047A86B479D674D81FE30BB46F8E469C43C77DADA6
                                                                                                    SHA-512:4C145B2D4A5948928A9486C0FD258902607A482403F66BED67DB9E74492A1AF05CE6EBB809D2EBCEAF99EE5B15EEF719664AD6836BAC5A89D09E30519BE4CFF2
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2973696
                                                                                                    Entropy (8bit):5.942645707828203
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:cYycyweenoG6hHoik6ofG3GSKE6kFI3ZWWRQRSY5NmW3SfM5wLw4V:Jx6g09FEZWWR2SYNmWRwLw
                                                                                                    MD5:9C15CE380F1A09D8697A6ECD3797BFFC
                                                                                                    SHA1:FB9989CBD42B297B0A253C115B94391507AB5316
                                                                                                    SHA-256:A070C03E4B1AB38C7E980447B6C98DF9E7E30200C50B36D328A8A017CA41D9BD
                                                                                                    SHA-512:FAE03CFEEEC16D059C777886601913C15F4C61B2EA860BF7F77D072D4F85EAF7B6875D246EA7AD593CA7E2D4C55D5537F70DEEA118670DAE92A31935166C2521
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):13
                                                                                                    Entropy (8bit):3.7004397181410926
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:8Q:t
                                                                                                    MD5:2EB1EC3EB2BE8F788246F3E5CD594346
                                                                                                    SHA1:FEB4086F6B540200873FF547D134A30913D08ABC
                                                                                                    SHA-256:CCE3244892180A2B0431D4CAAA38109851EEC95C3CA88531FE9E65AB6B96FD73
                                                                                                    SHA-512:78A23763EEC938B600B1BC91217FE63F31EA048A8C71D7E7B2975588165D734198F7E45F5357F69B37D7A6DD7DE7E7A0B4418750DA6237D9C51B32A9B9AA0BA3
                                                                                                    Malicious:false
                                                                                                    Preview:FPS(0) MACD..
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):11990
                                                                                                    Entropy (8bit):5.208061063352467
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:CK8NLmd3f87xdySVm5i0S9mvm7mWmcmBm5mGmmmqmqmymVmmmEmAmD5SW6mAzBpR:g7xdyPIPklp0f3Vu
                                                                                                    MD5:373E6D42B5FA7D9367879AAFAF79E685
                                                                                                    SHA1:3AC7E3F1D1CEB76EE10CBBD7497802C84CF88F58
                                                                                                    SHA-256:059484EEA97B786BFABA99FEB1E681B5B1DBF6FEFA7092220953DFD317CAF536
                                                                                                    SHA-512:C5438B4AED08127DA37DC001B122C07C8F2E5B8DD59F29283FAFC5D085BE1725ABDAE5BADAC6C6AF045AAE7392BBFA218440B89077DB54D348C7BD60BB08A8B2
                                                                                                    Malicious:false
                                                                                                    Preview:<global>..clock=5000..</global>....<metric>..name=CPI..level=core..eq= msr_10 msr_309 /..</metric>....<metric>..name=pkg_energy_units..units=joules..freqtype=meta..eq=0.5 msr_606 8 >> 0x1f & POW..</metric>......<metric>..name=power_units..units=watts..freqtype=meta..eq=0.5 msr_606 0xf & POW..</metric>......<metric>..name=rap..units=watts ..level=package ..max=300..eq=msr_611 pkg_energy_units * msr_10 IA_MAX_NON_TURBO_FREQ_MHZ / 1000 / / 1000 *..</metric>......<metric>..name=temperature..units=centigrade..level=core..max=120..eq= 0 tj_max msr_i_19c 16 >> 0x7f & - msr_i_19c 31 >> 1 & ?:..</metric>....<metric>..name=C0..units=percent..level=core..max=102..eq=msr_30b msr_10 / 100 *..</metric>....<metric>..name=avg_freq..units=mhz..level=core..max=7000..eq=msr_30a msr_30b / IA_MAX_NON_TURBO_FREQ_MHZ *..</metric>....<metric>..name=memory_read_bw..valid_cpu_signatures=0x706E 0x706D..units=MBps..max=50000..eq=mmio_5050 64 * msr_10 IA_MAX_NON_TURBO_FREQ_MHZ / 1000 / / 1000 * 1000000 /..</met
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3906
                                                                                                    Entropy (8bit):5.236903123491591
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:16V6/45qe9KLTTvEI+eJa5Ma6acGmyC2zhM+eL3L1LKpELKt0S0JLKK3JLffLPLw:IV6w5T+3SyATGjkK3e3
                                                                                                    MD5:D763669FC98809F06505885C35862EC5
                                                                                                    SHA1:BBC6BB9471E4311FC840796426293ECEAD6D359C
                                                                                                    SHA-256:5A5FACC300773109F8CC9F4290A8E0F5CF62C04624F1B7C28722744E7863C346
                                                                                                    SHA-512:71026A27127478035C9ED151E33C2D2BBCFF199CA3E48092E99E4FBDE155205BE36506042B86147A08530D34B7D68E8E3E683E2078524516548451D7504133A1
                                                                                                    Malicious:false
                                                                                                    Preview:counter=\Processor Information(*)\Processor Frequency expand=yes..counter=\Processor(*)\% Processor Time expand=yes..counter=\Processor(_Total)\% Processor Time..counter=\Processor(_Total)\% C1 Time..counter=\Processor(_Total)\% C2 Time..counter=\Processor(_Total)\% C3 Time..counter=\Processor Information(_Total)\Idle Break Events/sec..counter=\Processor Information(_Total)\Interrupts/sec..counter=\Processor(_Total)\% Privileged Time..counter=\PhysicalDisk(_Total)\Disk Bytes/sec..counter=\Network Interface(*)\Bytes Received/sec expand=yes..counter=\Network Interface(*)\Bytes Sent/sec expand=yes..counter=\Memory\Available Mbytes..counter=\Memory\Page Faults/sec ..query=baseboard get product, Manufacturer, version description=MOTHERBOARD start_at=auto..query=path win32_pnpentity where "caption like '%Chipset%'" get caption description=CHIPSET start_at=auto..query=diskdrive get caption, status description=DISK_STATUS start_at=auto..query=diskdrive get Caption, status, FirmwareRevision, In
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):363272
                                                                                                    Entropy (8bit):6.41439123523895
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:FGXrAzSVpCreFHGjWIH6BlSIQEaohgHfBvlYeSA:gbAzSVpCr5WAhvo+HpjSA
                                                                                                    MD5:4FD31B2F136A650BA04FFED8524F62EB
                                                                                                    SHA1:DF58DA3396AB88C8BC99B0587D80AB1ECE07E5BE
                                                                                                    SHA-256:2689F6CECD803274EFF54503569386B08EE3ECE3E1BBACA4C61F7916DFFC7E39
                                                                                                    SHA-512:9C18BD401633A1AB6B4B410571759EA349C2A4969769299918CBFCE99639B327CB80ABBE3D327492FCA04983D820C7594A38BE57CB32CB5A039DC850A8792335
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):315784
                                                                                                    Entropy (8bit):6.2803385461310235
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:aINDWSs7LnKn26xdTY/H4y5a6lDgl/O1aYUMnWzgcQ6JJ:johKnfY/4kajz
                                                                                                    MD5:C4FE3F03EFD3188252CAA101F954FFEB
                                                                                                    SHA1:98B613AEE45C71AED9D2BE0D61D7ACE323929E9C
                                                                                                    SHA-256:95BB425BE3D515A6A58F7399D44DD9E032BAEA11667DFDBA29517C460171880A
                                                                                                    SHA-512:80018E0BDDF079367D3568433A5F89F0144AA0A75286B0105FE32AEEB5D80876C9B2E1ECAAFB70FB041271E27A234A2CB88A2D3D160A4AA3768CCFCFC574704A
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):565640
                                                                                                    Entropy (8bit):6.489297717161362
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:C/Wn7JnU0QUgqtLe1fqSKnqEXG6IOaaal7wC/QaDWxncycIW6z/yjQEKZm+jWodm:EN59IW6z/8QEKZm+jWodEEY
                                                                                                    MD5:CD0C37F1875B704F8EB08E397381AC16
                                                                                                    SHA1:249D33C43E105A1C36EC6A24E5EF8DBC5F56B31B
                                                                                                    SHA-256:D86AC158123A245B927592C80CC020FEA29C8C4ADDC144466C4625A00CA9C77A
                                                                                                    SHA-512:D60C56716399B417E1D9D7D739AF13674C8572974F220A44E5E4E9AB0B0A23B8937BD0929EEE9F03F20B7F74DB008F70F9559A7EB66948B3AFAB5B96BDD1A6D5
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23944
                                                                                                    Entropy (8bit):5.998942809132306
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:lXt9apR9/u8FON2WWc65gWZTI14gHRN7FBz4UslGsty:lXK79/u8FOEZwFBrN
                                                                                                    MD5:8AD9C7CFFBB2413F4D5FF9F3AAA1A69B
                                                                                                    SHA1:2B5116E49AC5913EF8A512A7299E9A459DAB4778
                                                                                                    SHA-256:18AEF42187072C35B537BE80E3B2DA7CE4919B2C9574ADD19409D98E3026D916
                                                                                                    SHA-512:D489B82CE896A06CD37905BC5B2FE9620F4E7FEB2A9B77FC93F94E0270B67E7A2F3879AFBA6B546AD44F2EE96F050E83BFC93830010A707126667857BE79028A
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):185736
                                                                                                    Entropy (8bit):6.539441890812417
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:zo8fdbDQ2RAIQSP3cNkquWHSWnwTXsY0YqgwAlrX/Fv1Yq9lrEl:zVZgIQDkgyWnZlfgX/17re
                                                                                                    MD5:84269806DCE633E56E492EF060FA8F88
                                                                                                    SHA1:A1E71CB750D25E7A63E0C9D0B01063DF421F1938
                                                                                                    SHA-256:5FCA695ED2CEFEC010D546310699226EEF4B305DF38CBE3DEA2FDF9494ABC163
                                                                                                    SHA-512:B25D25A35E6E431BACAF4D5FEA0E40F3FE49CCA14895C64DDBD78C212A2EF0B09B56616154A3D26813E9FAAF3DB1F6BB24A300B5F39B8CE286A41A12F6920EF1
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):56200
                                                                                                    Entropy (8bit):5.099650247805685
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:aHzT4jKmYfXyHSRroXfjNHbd/X/QL3Ns63z:4T4DpSpQNHx/X/QL3N3z
                                                                                                    MD5:1D2A0D23E35B93464BB5B09E5E4C02B2
                                                                                                    SHA1:04D1A1EED3868433C5B7652ECAE0FDCD29E1EF39
                                                                                                    SHA-256:A577B5FC4E3A14AE141657C30A38D11FF8593135E51E55485B252EB821D47E75
                                                                                                    SHA-512:18A0DB760E4C4D9C4E014CFF5EE0F433B298B65FDECA95B8F5F172B9BC534A1C7F64A1B2751B90E89CF76F41EE1AB468415466D2A657905ECA9835E41CAE264E
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):20360
                                                                                                    Entropy (8bit):6.113539156200981
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:3Yp02YGv8EWiwEWk14gHRN7PwlX7aJdlGsMIm:3Y02YGvsaPe7aJGD
                                                                                                    MD5:4266E7BB9BFCE998083D2F4F938B11C9
                                                                                                    SHA1:23FC9C4C9DE9FD3E71941DF86E26C4DD44F2A95B
                                                                                                    SHA-256:E1EE6D29E30708AD5812035626BBC1058EA12FD5503D5A79D28C9CB67FAB4A14
                                                                                                    SHA-512:5DC1E769F973AEC3F0F766AD7C2364A184B9F71C1266F5E5A874C3E63CA7082E9A2C38346D387AA516E2F23ACAAF62979434819697B2695644883CE07BBFD867
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):334728
                                                                                                    Entropy (8bit):5.937217679926928
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:o+dqDim64W44od8wyW9I8RbAA2d3a6JD36a:o1Iud8wy6I8DD6t
                                                                                                    MD5:7EF7EAB654DF53E087AC4703C9EA0B16
                                                                                                    SHA1:743DC76D168326B60F09347945FE1342A6EFFC4C
                                                                                                    SHA-256:13E568FDCDE1B7B7F2D1C97A474BDB8858F5AB761157F0FEA7201CCECF84B9B8
                                                                                                    SHA-512:0B860F10C03ACB3866E82FD6044C29D63A2C6A1D5F6628F3D31F1CD1E44D7144E3660DF3446B7A0B76B7811B261675E5AA39FB27EFEEC060D287FDE3E630EDD2
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):97160
                                                                                                    Entropy (8bit):6.422776154074499
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:yDHLG4SsAzAvadZw+1Hcx8uIYNUzUnHg4becbK/zJrCT:yDrfZ+jPYNznHg4becbK/Fr
                                                                                                    MD5:11D9AC94E8CB17BD23DEA89F8E757F18
                                                                                                    SHA1:D4FB80A512486821AD320C4FD67ABCAE63005158
                                                                                                    SHA-256:E1D6F78A72836EA120BD27A33AE89CBDC3F3CA7D9D0231AAA3AAC91996D2FA4E
                                                                                                    SHA-512:AA6AFD6BEA27F554E3646152D8C4F96F7BCAAA4933F8B7C04346E410F93F23CFA6D29362FD5D51CCBB8B6223E094CD89E351F072AD0517553703F5BF9DE28778
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):37256
                                                                                                    Entropy (8bit):6.2987721506649335
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:5InvMCmWEyhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+XfbmuncS74GdWrUKWj14gHg:dCm5yhUcwrHY/ntTxT6ovR7VxIV1z
                                                                                                    MD5:7667B0883DE4667EC87C3B75BED84D84
                                                                                                    SHA1:E6F6DF83E813ED8252614A46A5892C4856DF1F58
                                                                                                    SHA-256:04E7CCBDCAD7CBAF0ED28692FB08EAB832C38AAD9071749037EE7A58F45E9D7D
                                                                                                    SHA-512:968CBAAFE416A9E398C5BFD8C5825FA813462AE207D17072C035F916742517EDC42349A72AB6795199D34CCECE259D5F2F63587CFAEB0026C0667632B05C5C74
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Intel(R) Computing Improvement Program, Author: Intel Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Intel(R) Computing Improvement Program., Template: x64;1033, Revision Number: {F5B334BC-EB98-42B1-9672-0E25B39E6D90}, Create Time/Date: Fri Oct 20 05:08:32 2023, Last Saved Time/Date: Fri Oct 20 05:08:32 2023, Number of Pages: 405, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                    Category:dropped
                                                                                                    Size (bytes):24236032
                                                                                                    Entropy (8bit):7.92627601786481
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:393216:s4X6ZqjHCETxwyKKTxDYl96Y/nWmgWzqVbHg2CeCSNim5Bh/A:hOqjis2yrTxWjnWuc+Ddm5X4
                                                                                                    MD5:B9F88EF2F1B7956089E35F6762BBC494
                                                                                                    SHA1:420FA60CA04273BFBA651402EBD1C60EBA856114
                                                                                                    SHA-256:3327E76CCDBB5B796DA1ED96009345D60904F94102609854A2894439B0C711FC
                                                                                                    SHA-512:FBC639912D9571AEE46A232736FAE802996E30525FDEE98305A188BA8984390618E740BB2E044C6C4390BFF806560E469644C10CE79C8762F3DC20B225DDEE69
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):216496
                                                                                                    Entropy (8bit):6.646208142644182
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                    MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                    SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                    SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                    SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):156160
                                                                                                    Entropy (8bit):6.397019863458208
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:JfpfhBZ9nKWcT+c4JIS+jcug64vM/CDnGvlEm:JxfhBZ9K76ISVuxF/hm
                                                                                                    MD5:C62F1D994BB13E677211BBDBA96433F8
                                                                                                    SHA1:3A00D34DF6EC81035234E339194FB49FBE317DBF
                                                                                                    SHA-256:3585CCF92C60150CF863E26C0EB2948E206841CA8FF91DAC092CF567EEF0880B
                                                                                                    SHA-512:C3269BCC5A639E7B8EBFFC6F75313E12B27C8AD83ABD99708E2AA7B5ADFBB46A9FAD1EBEE81C2C53B9F84EA0E5EF200611A6DB7B9F7165D43AF04D853D47BEF9
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):156160
                                                                                                    Entropy (8bit):6.397019863458208
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:JfpfhBZ9nKWcT+c4JIS+jcug64vM/CDnGvlEm:JxfhBZ9K76ISVuxF/hm
                                                                                                    MD5:C62F1D994BB13E677211BBDBA96433F8
                                                                                                    SHA1:3A00D34DF6EC81035234E339194FB49FBE317DBF
                                                                                                    SHA-256:3585CCF92C60150CF863E26C0EB2948E206841CA8FF91DAC092CF567EEF0880B
                                                                                                    SHA-512:C3269BCC5A639E7B8EBFFC6F75313E12B27C8AD83ABD99708E2AA7B5ADFBB46A9FAD1EBEE81C2C53B9F84EA0E5EF200611A6DB7B9F7165D43AF04D853D47BEF9
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3063555
                                                                                                    Entropy (8bit):6.485320325373931
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:xnUIFnUI0nUIQAEnUIWnUIbA7zHJ2wfvaLZtt65k/3YwktnUIInUIg:eziL48O6HJ9KwGY6+h
                                                                                                    MD5:A7D8D06EEF1B22D30B842086C8F456F5
                                                                                                    SHA1:234D6731D0EBE7AFFF07674C6336C01214369FFD
                                                                                                    SHA-256:9F23A3BFDB51CFC3FCF9E56E2427DA8572A4AF149E59437CA9574ABE23DDA67B
                                                                                                    SHA-512:162B702442882A487B490C819C023F81A68CA54835A6EEBA15F5827E09CE559379A5D9964748794382DAC3E346A0193B4F157C8E01ADAF6EEDB1CD1C5CD26B97
                                                                                                    Malicious:false
                                                                                                    Preview:...@IXOS.@.....@.T.X.@.....@.....@.....@.....@.....@......&.{4DF8D37E-055A-49B8-9317-305ECD1B9D1F}&.Intel(R) Computing Improvement Program!.WIN_DCA_2.4.0.10654_sursvc_qh.msi.@.....@.)...@.....@......vmp..&.{F5B334BC-EB98-42B1-9672-0E25B39E6D90}.....@.....@.....@.....@.......@.....@.....@.......@....&.Intel(R) Computing Improvement Program......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........uninstall.4FFF4AAB_22AE_4C10_B00D_4F1423082A83....J...uninstall.4FFF4AAB_22AE_4C10_B00D_4F1423082A83.@A......M..MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x.......
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):156160
                                                                                                    Entropy (8bit):6.397019863458208
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:JfpfhBZ9nKWcT+c4JIS+jcug64vM/CDnGvlEm:JxfhBZ9K76ISVuxF/hm
                                                                                                    MD5:C62F1D994BB13E677211BBDBA96433F8
                                                                                                    SHA1:3A00D34DF6EC81035234E339194FB49FBE317DBF
                                                                                                    SHA-256:3585CCF92C60150CF863E26C0EB2948E206841CA8FF91DAC092CF567EEF0880B
                                                                                                    SHA-512:C3269BCC5A639E7B8EBFFC6F75313E12B27C8AD83ABD99708E2AA7B5ADFBB46A9FAD1EBEE81C2C53B9F84EA0E5EF200611A6DB7B9F7165D43AF04D853D47BEF9
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):91136
                                                                                                    Entropy (8bit):5.992736307445017
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:Fs6wSMZLS76YDdzTsXOyaopL7mvof+86kWl0Ax1/6y7s046JYhnUTrv7Z:ESMZLu6YDJTeHWgG8+2y/g6JYhnqrd
                                                                                                    MD5:DE7D44980B18FECE3E6FE8C8716BF9DD
                                                                                                    SHA1:CDF9CDCB483A34F1AB209582CA67203BDA54EFD5
                                                                                                    SHA-256:7B6596E88C53CD036BDAA7F76C84320A949E31F26092EEFC5879EF298F9DA8DC
                                                                                                    SHA-512:BDFDFE6702E44063B5E0A9440DD739A912DADBCDE2FB9CBD3092EDF84CFB23C801272066AE0E3C7038D79C53CE948AA513C3FFEFAC62BC035F3712EDAB4A5E99
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):156160
                                                                                                    Entropy (8bit):6.397019863458208
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:JfpfhBZ9nKWcT+c4JIS+jcug64vM/CDnGvlEm:JxfhBZ9K76ISVuxF/hm
                                                                                                    MD5:C62F1D994BB13E677211BBDBA96433F8
                                                                                                    SHA1:3A00D34DF6EC81035234E339194FB49FBE317DBF
                                                                                                    SHA-256:3585CCF92C60150CF863E26C0EB2948E206841CA8FF91DAC092CF567EEF0880B
                                                                                                    SHA-512:C3269BCC5A639E7B8EBFFC6F75313E12B27C8AD83ABD99708E2AA7B5ADFBB46A9FAD1EBEE81C2C53B9F84EA0E5EF200611A6DB7B9F7165D43AF04D853D47BEF9
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):91136
                                                                                                    Entropy (8bit):5.992736307445017
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:Fs6wSMZLS76YDdzTsXOyaopL7mvof+86kWl0Ax1/6y7s046JYhnUTrv7Z:ESMZLu6YDJTeHWgG8+2y/g6JYhnqrd
                                                                                                    MD5:DE7D44980B18FECE3E6FE8C8716BF9DD
                                                                                                    SHA1:CDF9CDCB483A34F1AB209582CA67203BDA54EFD5
                                                                                                    SHA-256:7B6596E88C53CD036BDAA7F76C84320A949E31F26092EEFC5879EF298F9DA8DC
                                                                                                    SHA-512:BDFDFE6702E44063B5E0A9440DD739A912DADBCDE2FB9CBD3092EDF84CFB23C801272066AE0E3C7038D79C53CE948AA513C3FFEFAC62BC035F3712EDAB4A5E99
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):216496
                                                                                                    Entropy (8bit):6.646208142644182
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                    MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                    SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                    SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                    SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):216496
                                                                                                    Entropy (8bit):6.646208142644182
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                    MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                    SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                    SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                    SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):216496
                                                                                                    Entropy (8bit):6.646208142644182
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                    MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                    SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                    SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                    SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):156160
                                                                                                    Entropy (8bit):6.397019863458208
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:JfpfhBZ9nKWcT+c4JIS+jcug64vM/CDnGvlEm:JxfhBZ9K76ISVuxF/hm
                                                                                                    MD5:C62F1D994BB13E677211BBDBA96433F8
                                                                                                    SHA1:3A00D34DF6EC81035234E339194FB49FBE317DBF
                                                                                                    SHA-256:3585CCF92C60150CF863E26C0EB2948E206841CA8FF91DAC092CF567EEF0880B
                                                                                                    SHA-512:C3269BCC5A639E7B8EBFFC6F75313E12B27C8AD83ABD99708E2AA7B5ADFBB46A9FAD1EBEE81C2C53B9F84EA0E5EF200611A6DB7B9F7165D43AF04D853D47BEF9
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):216496
                                                                                                    Entropy (8bit):6.646208142644182
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                    MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                    SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                    SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                    SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:modified
                                                                                                    Size (bytes):216496
                                                                                                    Entropy (8bit):6.646208142644182
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                    MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                    SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                    SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                    SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                    Category:dropped
                                                                                                    Size (bytes):49152
                                                                                                    Entropy (8bit):0.7742437227365051
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:JSbX72FjUNliAGiLIlHVRpUh/7777777777777777777777777vDHFvagVSL/XlN:J+NIQI5EMg+6F
                                                                                                    MD5:E102869622050910511DBFAC7348CC78
                                                                                                    SHA1:CB2046B4D2F0FF0275D24A1A81554C22DAA3ACED
                                                                                                    SHA-256:E6289A8058C8F7A1CB6239E935638058A46E80EB8BC668DCE0074E7771A3B5BE
                                                                                                    SHA-512:2C96AE1EF0862BBB2C11C9A378E41C9D3300D3C8EF46D128300A143A4E5B0153AC532A0A11FEA14D0D358B57FAB558EB36739D313E3EFF635D0BA2C0982E1F7E
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                    Category:dropped
                                                                                                    Size (bytes):49152
                                                                                                    Entropy (8bit):1.2265022967988595
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:ysEBubZPveFXJDT50UPyh6C5DtqtSTtDdiXduderd3C6UdOUd/6jrOS2jrOS1hML:yRBKQbTO2AFwt/kVaIkVOf
                                                                                                    MD5:75E23A160F25A6B8062FA8FFFBFB9ED7
                                                                                                    SHA1:373CCAF077D3A8A2334D3A9BEA2CE4C7F5E05349
                                                                                                    SHA-256:0E502F95A71180D92958ED52E9ECB62FA4A7A2F5808E7A24119A87A518310CB7
                                                                                                    SHA-512:3580A353FF7CF096598787A4149B64E4EDC73101DFB5F97C313A924DCE8411145EAE0A5B3796DFF3DC5A8B85E61B5A1ACD3840D7ABD444096D4CEC79473C11B0
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):432221
                                                                                                    Entropy (8bit):5.375175308358812
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaua:zTtbmkExhMJCIpErf
                                                                                                    MD5:83A0F3774DE068D697F86E0BA954F14A
                                                                                                    SHA1:07BB181DB9E9A46D667D6B947CBC2D9B2B24EF36
                                                                                                    SHA-256:A8E3BA61559BB5E5096FFE2EB7A4022AA5ADC55AFA7762648D3DF517191ED751
                                                                                                    SHA-512:D78BF4315FCDE7A67F5CB772282406642F27F5F2B8278850F2FB2E1A6A23136389B1535460ECD8142BBFBEDA946F195DA8C2FE07E9D2E6992C80F9ABE0C7493C
                                                                                                    Malicious:false
                                                                                                    Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                    Category:dropped
                                                                                                    Size (bytes):49152
                                                                                                    Entropy (8bit):1.2265022967988595
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:ysEBubZPveFXJDT50UPyh6C5DtqtSTtDdiXduderd3C6UdOUd/6jrOS2jrOS1hML:yRBKQbTO2AFwt/kVaIkVOf
                                                                                                    MD5:75E23A160F25A6B8062FA8FFFBFB9ED7
                                                                                                    SHA1:373CCAF077D3A8A2334D3A9BEA2CE4C7F5E05349
                                                                                                    SHA-256:0E502F95A71180D92958ED52E9ECB62FA4A7A2F5808E7A24119A87A518310CB7
                                                                                                    SHA-512:3580A353FF7CF096598787A4149B64E4EDC73101DFB5F97C313A924DCE8411145EAE0A5B3796DFF3DC5A8B85E61B5A1ACD3840D7ABD444096D4CEC79473C11B0
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):512
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3::
                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):81920
                                                                                                    Entropy (8bit):0.292985602920992
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:AOFHbjIfeSytDdiXduderdC6UdOUd/6jrOS2jrOS1hM6duqtSTtDdiXduderd3CQ:4feIkVvt/kVyb
                                                                                                    MD5:E7FE47A31572EC87A83EA0003FF020C3
                                                                                                    SHA1:112C3FD871052A6BFC4B8A3E7B356F68B8A9C507
                                                                                                    SHA-256:7F8706F9D09DFB9BD5EAF5B14A529E8E67ABDB4C2EBBEA504D5E45DA7B29404B
                                                                                                    SHA-512:E0ECE67C848C38C32E112EF2DE69F9D7AB5A55D7963B464988CCA5235941481307883604E967EF7CD896EEA082DB90737271B056B82587A37102A4F63F69CF57
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):32768
                                                                                                    Entropy (8bit):0.0796505126175468
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO/dvvlagVStSVky6l/X:2F0i8n0itFzDHFvagVSL/X
                                                                                                    MD5:034FB50B48E12F721AF8C7063DA0BEAB
                                                                                                    SHA1:432A1AF210F5F620B46902B5486689F2E2E96046
                                                                                                    SHA-256:CD4DE4E946442134EBA0B42ADAE45742EF64670FE510BBEFF6E622FA38252125
                                                                                                    SHA-512:E7564822A9D4FA2DB775793599BE00526C02CC40861BEB2AC5EBCB9D08FD7C5084B57EB507B3A29A685558C3FFF8F2F3CDFA47448D8F6A80009090CFE64A0F5E
                                                                                                    Malicious:false
                                                                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Intel(R) Computing Improvement Program, Author: Intel Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Intel(R) Computing Improvement Program., Template: x64;1033, Revision Number: {F5B334BC-EB98-42B1-9672-0E25B39E6D90}, Create Time/Date: Fri Oct 20 05:08:32 2023, Last Saved Time/Date: Fri Oct 20 05:08:32 2023, Number of Pages: 405, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                    Entropy (8bit):7.92627601786481
                                                                                                    TrID:
                                                                                                    • Microsoft Windows Installer (60509/1) 57.88%
                                                                                                    • ClickyMouse macro set (36024/1) 34.46%
                                                                                                    • Generic OLE2 / Multistream Compound File (8008/1) 7.66%
                                                                                                    File name:WIN_DCA_2.4.0.10654_sursvc_qh.msi
                                                                                                    File size:24'236'032 bytes
                                                                                                    MD5:b9f88ef2f1b7956089e35f6762bbc494
                                                                                                    SHA1:420fa60ca04273bfba651402ebd1c60eba856114
                                                                                                    SHA256:3327e76ccdbb5b796da1ed96009345d60904f94102609854a2894439b0c711fc
                                                                                                    SHA512:fbc639912d9571aee46a232736fae802996e30525fdee98305a188ba8984390618e740bb2e044c6c4390bff806560e469644c10ce79c8762f3dc20b225ddee69
                                                                                                    SSDEEP:393216:s4X6ZqjHCETxwyKKTxDYl96Y/nWmgWzqVbHg2CeCSNim5Bh/A:hOqjis2yrTxWjnWuc+Ddm5X4
                                                                                                    TLSH:C13722ED2073B169F5A70331A32D91B4DD37AC20B720448BA6F5B91A2E31DD3B93564E
                                                                                                    Icon Hash:2d2e3797b32b2b99
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 16, 2024 10:36:13.141839027 CEST | 1.1.1.1 | 192.168.2.4 | 0xc3e8 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Apr 16, 2024 10:36:13.141839027 CEST | 1.1.1.1 | 192.168.2.4 | 0xc3e8 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false


                                                                                                    Target ID:0
                                                                                                    Start time:10:36:18
                                                                                                    Start date:16/04/2024
                                                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\WIN_DCA_2.4.0.10654_sursvc_qh.msi"
                                                                                                    Imagebase:0x7ff6d2ae0000
                                                                                                    File size:69'632 bytes
                                                                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:false

                                                                                                    Target ID:1
                                                                                                    Start time:10:36:18
                                                                                                    Start date:16/04/2024
                                                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                    Imagebase:0x7ff6d2ae0000
                                                                                                    File size:69'632 bytes
                                                                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:false

                                                                                                    Target ID:3
                                                                                                    Start time:10:36:35
                                                                                                    Start date:16/04/2024
                                                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding F1C809FEE972ABEAE39BB6DC6996D99E
                                                                                                    Imagebase:0x7a0000
                                                                                                    File size:59'904 bytes
                                                                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:false

                                                                                                    Target ID:4
                                                                                                    Start time:10:36:36
                                                                                                    Start date:16/04/2024
                                                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\System32\MsiExec.exe -Embedding 594B08B14BB53DA353B7B8C7CFA5C9EA
                                                                                                    Imagebase:0x7ff6d2ae0000
                                                                                                    File size:69'632 bytes
                                                                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:false

                                                                                                    Target ID:5
                                                                                                    Start time:10:36:36
                                                                                                    Start date:16/04/2024
                                                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 848F5E5D5CCFC7A033F45D33B8DB52E8 E Global\MSI0000
                                                                                                    Imagebase:0x7a0000
                                                                                                    File size:59'904 bytes
                                                                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:false

                                                                                                    Target ID:6
                                                                                                    Start time:10:36:36
                                                                                                    Start date:16/04/2024
                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\system32\cmd.exe" /c cd "C:\Program Files\Intel\SUR\QUEENCREEK\" && if exist SurSvc.exe (start /b /wait /d "C:\Program Files\Intel\SUR\QUEENCREEK\" SurSvc.exe /uninstall)
                                                                                                    Imagebase:0x7ff77fee0000
                                                                                                    File size:289'792 bytes
                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:7
                                                                                                    Start time:10:36:36
                                                                                                    Start date:16/04/2024
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:8
                                                                                                    Start time:10:36:36
                                                                                                    Start date:16/04/2024
                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\system32\cmd.exe" /c if exist "%PROGRAMDATA%\\Intel\\SharedData\\SDID" (del /f "%PROGRAMDATA%\\Intel\\SharedData\\SDID")
                                                                                                    Imagebase:0x7ff77fee0000
                                                                                                    File size:289'792 bytes
                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:9
                                                                                                    Start time:10:36:36
                                                                                                    Start date:16/04/2024
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:10
                                                                                                    Start time:10:36:37
                                                                                                    Start date:16/04/2024
                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"CMD" /C RMDIR /S /Q "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\" && RMDIR /S /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\"
                                                                                                    Imagebase:0x240000
                                                                                                    File size:236'544 bytes
                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:11
                                                                                                    Start time:10:36:37
                                                                                                    Start date:16/04/2024
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:14
                                                                                                    Start time:10:36:41
                                                                                                    Start date:16/04/2024
                                                                                                    Path:C:\Windows\System32\icacls.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R
                                                                                                    Imagebase:0x7ff616050000
                                                                                                    File size:39'424 bytes
                                                                                                    MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:true

                                                                                                    Target ID:15
                                                                                                    Start time:10:36:41
                                                                                                    Start date:16/04/2024
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:16
                                                                                                    Start time:10:36:41
                                                                                                    Start date:16/04/2024
                                                                                                    Path:C:\Program Files\Intel\SUR\ICIP\SurConsent.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files\Intel\SUR\ICIP\SurConsent.exe" -install
                                                                                                    Imagebase:0x16c778e0000
                                                                                                    File size:387'848 bytes
                                                                                                    MD5 hash:4F9C3DB6545E8D95517692A8ACEEA351
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Antivirus matches:
                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                    • Detection: 0%, Virustotal, Browse
                                                                                                    Has exited:false


                                                                                                      Execution Graph

                                                                                                      Execution Coverage:17%
                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                      Signature Coverage:0%
                                                                                                      Total number of Nodes:16
                                                                                                      Total number of Limit Nodes:1
                                                                                                      execution_graph 2544 7ffd9b412b8d 2545 7ffd9b412b92 RegCreateKeyExW 2544->2545 2547 7ffd9b412c9e 2545->2547 2552 7ffd9b4114fd 2554 7ffd9b411517 RegOpenKeyExW 2552->2554 2555 7ffd9b41168d 2554->2555 2556 7ffd9b412b6f 2557 7ffd9b412bf2 RegCreateKeyExW 2556->2557 2558 7ffd9b412b73 2556->2558 2559 7ffd9b412c9e 2557->2559 2558->2557 2540 7ffd9b4116f9 2541 7ffd9b411707 RegCloseKey 2540->2541 2543 7ffd9b4117e4 2541->2543 2548 7ffd9b412e19 2549 7ffd9b412e27 RegSetValueExW 2548->2549 2551 7ffd9b412fd4 2549->2551
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000010.00000002.2932348446.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_16_2_7ffd9b410000_SurConsent.jbxd
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000010.00000002.2932348446.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_16_2_7ffd9b410000_SurConsent.jbxd
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000010.00000002.2932348446.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_16_2_7ffd9b410000_SurConsent.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Value
                                                                                                      • String ID:
                                                                                                      • API String ID: 3702945584-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000010.00000002.2932348446.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_16_2_7ffd9b410000_SurConsent.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Open
                                                                                                      • String ID:
                                                                                                      • API String ID: 71445658-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000010.00000002.2932348446.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_16_2_7ffd9b410000_SurConsent.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Create
                                                                                                      • String ID:
                                                                                                      • API String ID: 2289755597-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 42 7ffd9b4116f9-7ffd9b411705 43 7ffd9b411710-7ffd9b4117e2 RegCloseKey 42->43 44 7ffd9b411707-7ffd9b41170f 42->44 48 7ffd9b4117e4 43->48 49 7ffd9b4117ea-7ffd9b411834 43->49 44->43 48->49
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000010.00000002.2932348446.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_16_2_7ffd9b410000_SurConsent.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Close
                                                                                                      • String ID:
                                                                                                      • API String ID: 3535843008-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000010.00000002.2932348446.00007FFD9B410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B410000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_16_2_7ffd9b410000_SurConsent.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Create
                                                                                                      • String ID:
                                                                                                      • API String ID: 2289755597-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%