Windows Analysis Report
WIN_DCA_2.4.0.10717_sursvc_qh.msi

Overview

General Information

Sample name: WIN_DCA_2.4.0.10717_sursvc_qh.msi
Analysis ID: 1426575
MD5: 71cc51c86999c3630df3ff6169412916
SHA1: 90cd3c54a1b5596c093a7282f0a3db5109094983
SHA256: 1ff9c7139a86d45f92cd939c9f5ffdd5205ddeb87480d21fa753e29fb4370126
Infos:

Detection

Score: 26
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

.NET source code contains very large strings
Sample is not signed and drops a device driver
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\ICIP Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\base_library.zip Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\cacert.pem Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\ICIP\Config.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config.ini Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config_api.ini Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_decimal.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_elementtree.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_watcher_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\etw_options_config.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\IntelFgndAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DriverDetection.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_hw_config.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\PhatAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\HWPowerStatsTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link_helper.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\TextExtractorAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\WifiAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_os_counters.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DttEtlAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.inf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\FPSAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_options.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_daq.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\libcrypto-3-x64.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_crashlog_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\EntityFramework.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.cat Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\LICENSE.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.cat Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_thread_monitor.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sur_sysprep.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\apptable.csv Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_security.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\HeartBeatAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\analyzer.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\NetworkBandwidthAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_desktop_mapper_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sys Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\policy.json Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\HWMetaTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll.config Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SleepStudyAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe.config Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\FgndBackgrndAppsAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_eqs.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\OSSystemAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_phat_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_csme_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\EventLogCollection.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_display_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.inf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_etw_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\lookup.zip Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\GenericSqlATLSupport.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_audio_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemUsageByFgndAppAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\ProcessAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll.config Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll.config Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_extractor.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\UserWaitTimeAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.EF6.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\installer.bat Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\process_input_options.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libcrypto-3.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libffi-8.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libssl-3.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\licenses.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\logging_config.json Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_lzma.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\perfmon.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pyexpat.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\python312.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pythoncom312.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pywintypes312.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_queue.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\ScheduleUpdates.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\servicemanager.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\shell_executor.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64\UpdateServiceProxy64.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\VCRUNTIME140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32api.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32event.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32evtlog.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32file.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32inet.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32pipe.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32process.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32profile.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32security.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32service.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\_win32sysloader.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32trace.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32ts.pyd Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Directory created: C:\Program Files\Intel\SUR\ICIP\SURV8_ICIP.log Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\LICENSE.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\licenses.txt Jump to behavior
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\wixca.pdb0 source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, MSI8665.tmp.1.dr, MSI790E.tmp.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_multiprocessing.pdb source: _multiprocessing.pyd.1.dr
Source: Binary string: D:\a\1\b\libssl-3.pdbFF source: libssl-3.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_user_waiting\intel_user_waiting_input.pdb** source: intel_user_waiting_input.dll.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: libcrypto-3.dll.1.dr
Source: Binary string: c:\ium\dev\installer\custom_action\SetPermissions\SetPermissions.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb source: System.Data.SQLite.EF6.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32api.pdb!! source: win32api.pyd.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: libcrypto-3-x64.dll.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_os\intel_os_input.pdb++ source: intel_os_input.dll.1.dr
Source: Binary string: C:\src\wix39r2\build\ship\x86\wixca.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, MSI85F7.tmp.1.dr, MSI8356.tmp.1.dr, MSI880C.tmp.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32ts.pdb source: win32ts.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32security.pdb source: win32security.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32file.pdb source: win32file.pyd.1.dr
Source: Binary string: C:\ium\dev\installer\custom_action\SetEulaStatus\SetEulaStatus.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\pywintypes.pdb++ source: pywintypes312.dll.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x64\wixca.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: Binary string: D:\a\1\b\bin\win32\unicodedata.pdb source: unicodedata.pyd.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_user_waiting\intel_user_waiting_input.pdb source: intel_user_waiting_input.dll.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_hw\intel_hw_input.pdb source: intel_hw_input.dll.1.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 3.0.11 19 Sep 20233.0.11built on: Wed Sep 27 22:32:59 2023 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files (x86)\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;os-specificC:\Program Files (x86)\Common Files\SSLC:\Program Files (x86)\OpenSSL\lib\ossl-modules.dll..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL || WITHIN_ARENA(temp->next)assertion failed: (char **)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/*0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_push_octet_ptrOSSL_PARAM_BLD_to_param..\s\crypto\params.c source: libcrypto-3.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32api.pdb source: win32api.pyd.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_os\intel_os_input.pdb source: intel_os_input.dll.1.dr
Source: Binary string: C:\src\wix39r2\build\ship\x86\uica.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32event.pdb source: win32event.pyd.1.dr
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb$ source: System.Data.SQLite.EF6.dll.1.dr
Source: Binary string: C:\ium\client\installer\custom_action\UpgradeEvidence\UpgradeEvidence.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_svc\esrv_svc.pdbNN,NGCTL source: esrv_svc.exe.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\wixca.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, MSI8665.tmp.1.dr, MSI790E.tmp.1.dr
Source: Binary string: c:\VagrantDir\ium-client-mst\installer\custom_action\ScheduleUpdates\ScheduleUpdates.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32profile.pdb source: win32profile.pyd.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: VCRUNTIME140.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\pywintypes.pdb source: pywintypes312.dll.1.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: libcrypto-3.dll.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\productivity_link\productivity_link.pdb source: productivity_link.dll.1.dr
Source: Binary string: e:\build_agent\workspace\laternrock_crashlog-win_main\Src\bin\x64\Release Static\crashlog_extractor.pdb source: crashlog_extractor.exe.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_hw\intel_hw_input.pdb44 source: intel_hw_input.dll.1.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.2.0 23 Nov 20233.2.0built on: Tue Nov 28 17:22:06 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableHMAC-DRBG-KDFentropynoncecrypto\deterministic_nonce.cget_and_lockcrypto\ex_data.cossl_crypto_get_ex_new_index_exCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: crypto\init.cOPENSSL_init_cryptocrypto\initthread.ccrypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL || WITHIN_ARENA(temp->next)assertion failed: (char **)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/*0123456789ABCDEFhexstr2buf_sepcrypto\o_str.cossl_hexstr2buf_sepbuf2hexstr_sepcrypto\packet.ccrypto\param_build.cparam_push_numpush_BNNegative big numbers are unsupported for OSSL_PARAM_UNSIGNED_INTEGEROSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_push_octet_ptrOSSL_PARAM_BLD_to_paramossl_param_build_set_bn_padcrypto\param_build_set.ccopy_integercrypto\params.cunsigned_from_signedgeneral_get_in
Source: Binary string: R:\sqlite\sqlite3.pdb source: sqlite3.dll.1.dr
Source: Binary string: C:\github\dca\openssl\libcrypto-3-x64.pdb source: libcrypto-3-x64.dll.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_svc\esrv_svc.pdb source: esrv_svc.exe.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\intel_sur_sysprep\intel_sur_sysprep.pdb source: intel_sur_sysprep.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\perfmon.pdb source: perfmon.pyd.1.dr
Source: Binary string: e:\build_agent\workspace\laternrock_crashlog-win_main\Src\bin\x64\Release Static\crashlog_extractor.pdb2 source: crashlog_extractor.exe.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32trace.pdb source: win32trace.pyd.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: VCRUNTIME140.dll.1.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: libssl-3.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb source: msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Checks for available system drives (often done to infect USB drives)
Source: C:\Windows\System32\msiexec.exe File opened: z: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: x: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: v: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: t: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: r: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: p: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: n: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: l: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: j: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: h: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: f: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: b: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: y: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: w: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: u: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: s: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: q: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: o: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: m: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: k: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: i: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: g: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: e: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: c: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: a: Jump to behavior
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Code function: 4x nop then jmp 00007FF848A909FFh 13_2_00007FF848A909D1
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Code function: 4x nop then jmp 00007FF848A91162h 13_2_00007FF848A90EAE
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Code function: 4x nop then jmp 00007FF848A91162h 13_2_00007FF848A910CE
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Code function: 4x nop then jmp 00007FF848A91162h 13_2_00007FF848A910B9
Source: licenses.txt.1.dr String found in binary or memory: http://creativecommons.org/publicdomain/zero/1.0/
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, libssl-3.dll.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, libcrypto-3.dll.1.dr, pywintypes312.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, libssl-3.dll.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, libcrypto-3.dll.1.dr, pywintypes312.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, libssl-3.dll.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, libcrypto-3.dll.1.dr, pywintypes312.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, libssl-3.dll.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, libcrypto-3.dll.1.dr, pywintypes312.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, libssl-3.dll.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, libcrypto-3.dll.1.dr, pywintypes312.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, libssl-3.dll.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, libcrypto-3.dll.1.dr, pywintypes312.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, libssl-3.dll.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, libcrypto-3.dll.1.dr, pywintypes312.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: licenses.txt.1.dr String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, libssl-3.dll.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, libcrypto-3.dll.1.dr, pywintypes312.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr String found in binary or memory: http://ocsp.comodoca.com0
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, libssl-3.dll.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, libcrypto-3.dll.1.dr, pywintypes312.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr String found in binary or memory: http://ocsp.sectigo.com0
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, libssl-3.dll.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, libcrypto-3.dll.1.dr, pywintypes312.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr String found in binary or memory: http://ocsp.sectigo.com0#
Source: licenses.txt.1.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi String found in binary or memory: http://www.intel.com/privacy
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi String found in binary or memory: http://www.opensource.org).
Source: sqlite3.dll.1.dr String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: licenses.txt.1.dr String found in binary or memory: https://github.com/jquery/globalize
Source: licenses.txt.1.dr String found in binary or memory: https://github.com/jquery/jquery
Source: win32security.pyd.1.dr, win32trace.pyd.1.dr, perfmon.pyd.1.dr, pywintypes312.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, win32profile.pyd.1.dr, win32api.pyd.1.dr, win32file.pyd.1.dr String found in binary or memory: https://github.com/mhammond/pywin32
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://intel.com/pr
Source: SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://intel.com/privacy
Source: SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://intel.com/privacy.
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://intel.fr/privacy.
Source: licenses.txt.1.dr String found in binary or memory: https://jquery.org/
Source: licenses.txt.1.dr String found in binary or memory: https://js.foundation/
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://policy.system-usage-rep
Source: SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://policy.system-usage-report.intel.com/faq/
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, intel_hw_input.dll.1.dr, win32security.pyd.1.dr, libssl-3.dll.1.dr, crashlog_extractor.exe.1.dr, BatteryAnalyzerTask.dll.1.dr, win32trace.pyd.1.dr, DevUseAnalyzerTask.dll.1.dr, perfmon.pyd.1.dr, _multiprocessing.pyd.1.dr, CSMEAnalyzerTask.dll.1.dr, intel_os_input.dll.1.dr, libcrypto-3.dll.1.dr, pywintypes312.dll.1.dr, win32ts.pyd.1.dr, win32event.pyd.1.dr, Config.dll0.1.dr, ProcessAnalyzerTask.dll.1.dr, HeartBeatAnalyzerTask.dll.1.dr, win32profile.pyd.1.dr, HWMetaTask.dll.1.dr String found in binary or memory: https://sectigo.com/CPS0
Source: System.Data.SQLite.EF6.dll.1.dr String found in binary or memory: https://system.data.sqlite.org/
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.intel.co.jp/content/www/jp/ja/priv
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.co.jp/content/www/jp/ja/privacy/intel-privacy-notice.html)
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.co.jp/content/www/jp/ja/support/topics/idsa-cip.html
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.co.kr/content/www/kr/ko/support/topics/idsa-cip.html
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.intel.com.br/conte
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com.br/content/www/br/pt/privacy/intel-privacy-notice.html.
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com.br/content/www/br/pt/support/topics/idsa-cip.html
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com.tr/content/www/tr/tr/support/topics/idsa-cip.html
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/cn/zh/support/topics/idsa-cip.html
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/id/id/support/topics/idsa-cip.html
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/it/it/support/topics/idsa-cip.html
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.intel.com/content/www/it/it/support/topics/idsa-cip.htmlPv
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/pl/pl/support/topics/idsa-cip.html.
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/ru/ru/support/topics/idsa-cip.html
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.intel.com/content/www/ru/ru/support/topics/idsa-cip.htmlPv
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/th/th/support/topics/idsa-cip.html
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.intel.com/content/www/th/th/support/topics/idsa-cip.htmlPv
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.intel.com/content/www/tw/zh/support/topics/idsa-cip.html
Source: SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/tw/zh/support/topics/idsa-cip.htmlH
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi String found in binary or memory: https://www.intel.com/content/www/us/en/support/topics/idsa-cip.html
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp, WIN_DCA_2.4.0.10717_sursvc_qh.msi String found in binary or memory: https://www.intel.com/content/www/us/en/support/topics/idsa-cip.html.
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.intel.com/content/www/us/en/support/topics/idsa-cip.html8
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.intel.com/content/www/us/en/support/topics/idsa-cip.htmlPv
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.com/content/www/vn/vi/support/topics/idsa-cip.html
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.de/content/www/de/de/support/topics/idsa-cip.html
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.intel.de/content/www/de/de/support/topics/idsa-cip.htmlPv
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.es/content/www/es/es/support/topics/idsa-cip.html
Source: SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.eu/content/www/eu/en/privacy/intel-privacy-notice.html
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.fr/content/www/fr/fr/support/topics/idsa-cip.html
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.intel.fr/content/www/fr/fr/support/topics/idsa-cip.htmlPv
Source: SurConsent.exe, 0000000D.00000002.3308758924.0000020B6789C000.00000004.00000800.00020000.00000000.sdmp, SurConsent.exe, 0000000D.00000000.2272592397.0000020B65AB5000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.intel.it/content/www/it/it/privacy/intel-privacy-notice.html.
Source: libssl-3.dll.1.dr, libcrypto-3.dll.1.dr, libcrypto-3-x64.dll.1.dr String found in binary or memory: https://www.openssl.org/H
Source: System.Data.SQLite.EF6.dll.1.dr String found in binary or memory: https://www.sqlite.org/lang_aggfunc.html
Source: System.Data.SQLite.EF6.dll.1.dr String found in binary or memory: https://www.sqlite.org/lang_corefunc.html

System Summary
barindex
.NET source code contains very large strings
Source: ProcessAnalyzerTask.dll.1.dr, ProcessAnalyzerTask.cs Long String: Length: 10957
Creates driver files
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys Jump to behavior
Creates files inside the system directory
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\447489.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI77D5.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI790E.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI796D.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{15E71D2B-4046-4B9D-A8BB-EBFC5CC12D86} Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7BFE.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7C3E.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7C5E.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI81CD.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI822C.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8356.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI85F7.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8665.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI880C.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\Registry Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\downloads Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\history Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\update_events Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\persisted_updates Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\captured_logs Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI97EC.tmp Jump to behavior
Deletes files inside the Windows folder
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI77D5.tmp Jump to behavior
PE file does not import any functions
Source: DSADcaIntegration.dll.1.dr Static PE information: No import functions for PE file found
Sample file is different than original file name gathered from version info
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi Binary or memory string: OriginalFilenameuica.dll\ vs WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi Binary or memory string: OriginalFilenamewixca.dll\ vs WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi Binary or memory string: OriginalFilenameServiceO.dll\ vs WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi Binary or memory string: OriginalFilenameScheduleUpdates.dll` vs WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi Binary or memory string: OriginalFilenamewixca.dllL vs WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: GenericSqlATLSupport.dll.1.dr, GenericSQLAnalyzerTask.cs Task registration methods: 'CreateValidSessionTableAndAnalysisInterval'
Source: DSADcaIntegration.dll.1.dr, FileSystemController.cs Security API names: System.IO.FileInfo.GetAccessControl()
Source: DSADcaIntegration.dll.1.dr, FileSystemController.cs Security API names: System.IO.DirectoryInfo.GetAccessControl()
Source: DSADcaIntegration.dll.1.dr, FileSystemController.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.GetAccessRules(bool, bool, System.Type)
Source: DSADcaIntegration.dll.1.dr, FileSystemController.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.SecurityIdentifier)
Source: DSADcaIntegration.dll.1.dr, FileSystemSafetyController.cs Security API names: Directory.GetAccessControl
Source: DSADcaIntegration.dll.1.dr, FileSystemSafetyController.cs Security API names: Directory.GetAccessControl(directory).GetAccessRules
Source: DSADcaIntegration.dll.1.dr, FileSystemSafetyController.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
Source: classification engine Classification label: sus26.evad.winMSI@19/177@0/0
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6664:120:WilError_03
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4040:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6556:120:WilError_03
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF91EC66383DD0AB80.TMP Jump to behavior
Source: C:\Windows\System32\msiexec.exe File read: C:\Windows\win.ini Jump to behavior
Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA Jump to behavior
Source: sqlite3.dll.1.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: sqlite3.dll.1.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: sqlite3.dll.1.dr Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: BrowserHistoryAnalyzerTask.dll.1.dr Binary or memory string: create table if not exists visits(id INT, url INT, visit_time INT, from_visit INT, transition INT, segment_id INT, visit_duration INT, incremented_omnibox_typed_score NUM, user_key_idc_session_id INT); oError occured while merging browser history databases:
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi Static file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\WIN_DCA_2.4.0.10717_sursvc_qh.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 704D2DC67D6894EEBDB1CD33E2207CDD
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 1630123FD6E99419F490FEE5EE1376B7
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 4A304068329E687C086DF1B908D49B47 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c cd "C:\Program Files\Intel\SUR\QUEENCREEK\" && if exist SurSvc.exe (start /b /wait /d "C:\Program Files\Intel\SUR\QUEENCREEK\" SurSvc.exe /uninstall)
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe "CMD" /C RMDIR /S /Q "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\" && RMDIR /S /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\icacls.exe "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R
Source: C:\Windows\System32\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe "C:\Program Files\Intel\SUR\ICIP\SurConsent.exe" -install
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 704D2DC67D6894EEBDB1CD33E2207CDD Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 1630123FD6E99419F490FEE5EE1376B7 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 4A304068329E687C086DF1B908D49B47 E Global\MSI0000 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe "C:\Program Files\Intel\SUR\ICIP\SurConsent.exe" -install Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c cd "C:\Program Files\Intel\SUR\QUEENCREEK\" && if exist SurSvc.exe (start /b /wait /d "C:\Program Files\Intel\SUR\QUEENCREEK\" SurSvc.exe /uninstall) Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe "CMD" /C RMDIR /S /Q "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\" && RMDIR /S /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\" Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\icacls.exe "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msihnd.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\icacls.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File written: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config.ini Jump to behavior
Source: C:\Windows\System32\msiexec.exe Automated click: Next
Source: C:\Windows\System32\msiexec.exe Automated click: I accept the terms in the License Agreement
Source: C:\Windows\System32\msiexec.exe Automated click: Next
Source: C:\Windows\System32\msiexec.exe Automated click: Install
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Automated click: Accept
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\ICIP Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\base_library.zip Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\cacert.pem Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\ICIP\Config.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config.ini Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config_api.ini Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_decimal.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_elementtree.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_watcher_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\etw_options_config.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\IntelFgndAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DriverDetection.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_hw_config.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\PhatAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\HWPowerStatsTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link_helper.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\TextExtractorAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\WifiAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_os_counters.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DttEtlAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.inf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\FPSAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_options.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_daq.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\libcrypto-3-x64.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_crashlog_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\EntityFramework.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.cat Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\LICENSE.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.cat Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_thread_monitor.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sur_sysprep.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\apptable.csv Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_security.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\HeartBeatAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\analyzer.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\NetworkBandwidthAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_desktop_mapper_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sys Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\policy.json Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\HWMetaTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll.config Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SleepStudyAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe.config Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\FgndBackgrndAppsAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_eqs.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\OSSystemAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_phat_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_csme_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\EventLogCollection.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_display_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.inf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_etw_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\lookup.zip Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\GenericSqlATLSupport.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_audio_input.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemUsageByFgndAppAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\ProcessAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll.config Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll.config Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_extractor.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\UserWaitTimeAnalyzerTask.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.EF6.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\installer.bat Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\process_input_options.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libcrypto-3.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libffi-8.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libssl-3.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\licenses.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\logging_config.json Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_lzma.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\perfmon.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pyexpat.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\python312.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pythoncom312.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pywintypes312.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_queue.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\ScheduleUpdates.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\servicemanager.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\shell_executor.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64\UpdateServiceProxy64.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\VCRUNTIME140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32api.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32event.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32evtlog.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32file.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32inet.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32pipe.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32process.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32profile.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32security.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32service.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\_win32sysloader.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32trace.pyd Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32ts.pyd Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Directory created: C:\Program Files\Intel\SUR\ICIP\SURV8_ICIP.log Jump to behavior
Source: WIN_DCA_2.4.0.10717_sursvc_qh.msi Static file information: File size 24121344 > 1048576
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\wixca.pdb0 source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, MSI8665.tmp.1.dr, MSI790E.tmp.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_multiprocessing.pdb source: _multiprocessing.pyd.1.dr
Source: Binary string: D:\a\1\b\libssl-3.pdbFF source: libssl-3.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_user_waiting\intel_user_waiting_input.pdb** source: intel_user_waiting_input.dll.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: libcrypto-3.dll.1.dr
Source: Binary string: c:\ium\dev\installer\custom_action\SetPermissions\SetPermissions.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb source: System.Data.SQLite.EF6.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32api.pdb!! source: win32api.pyd.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: libcrypto-3-x64.dll.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_os\intel_os_input.pdb++ source: intel_os_input.dll.1.dr
Source: Binary string: C:\src\wix39r2\build\ship\x86\wixca.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, MSI85F7.tmp.1.dr, MSI8356.tmp.1.dr, MSI880C.tmp.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32ts.pdb source: win32ts.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32security.pdb source: win32security.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32file.pdb source: win32file.pyd.1.dr
Source: Binary string: C:\ium\dev\installer\custom_action\SetEulaStatus\SetEulaStatus.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\pywintypes.pdb++ source: pywintypes312.dll.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x64\wixca.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: Binary string: D:\a\1\b\bin\win32\unicodedata.pdb source: unicodedata.pyd.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_user_waiting\intel_user_waiting_input.pdb source: intel_user_waiting_input.dll.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_hw\intel_hw_input.pdb source: intel_hw_input.dll.1.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 3.0.11 19 Sep 20233.0.11built on: Wed Sep 27 22:32:59 2023 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files (x86)\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;os-specificC:\Program Files (x86)\Common Files\SSLC:\Program Files (x86)\OpenSSL\lib\ossl-modules.dll..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL || WITHIN_ARENA(temp->next)assertion failed: (char **)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/*0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_push_octet_ptrOSSL_PARAM_BLD_to_param..\s\crypto\params.c source: libcrypto-3.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32api.pdb source: win32api.pyd.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_os\intel_os_input.pdb source: intel_os_input.dll.1.dr
Source: Binary string: C:\src\wix39r2\build\ship\x86\uica.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32event.pdb source: win32event.pyd.1.dr
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb$ source: System.Data.SQLite.EF6.dll.1.dr
Source: Binary string: C:\ium\client\installer\custom_action\UpgradeEvidence\UpgradeEvidence.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_svc\esrv_svc.pdbNN,NGCTL source: esrv_svc.exe.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\wixca.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi, MSI8665.tmp.1.dr, MSI790E.tmp.1.dr
Source: Binary string: c:\VagrantDir\ium-client-mst\installer\custom_action\ScheduleUpdates\ScheduleUpdates.pdb source: WIN_DCA_2.4.0.10717_sursvc_qh.msi
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32profile.pdb source: win32profile.pyd.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: VCRUNTIME140.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\pywintypes.pdb source: pywintypes312.dll.1.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: libcrypto-3.dll.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\productivity_link\productivity_link.pdb source: productivity_link.dll.1.dr
Source: Binary string: e:\build_agent\workspace\laternrock_crashlog-win_main\Src\bin\x64\Release Static\crashlog_extractor.pdb source: crashlog_extractor.exe.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_hw\intel_hw_input.pdb44 source: intel_hw_input.dll.1.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.2.0 23 Nov 20233.2.0built on: Tue Nov 28 17:22:06 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableHMAC-DRBG-KDFentropynoncecrypto\deterministic_nonce.cget_and_lockcrypto\ex_data.cossl_crypto_get_ex_new_index_exCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: crypto\init.cOPENSSL_init_cryptocrypto\initthread.ccrypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL || WITHIN_ARENA(temp->next)assertion failed: (char **)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/*0123456789ABCDEFhexstr2buf_sepcrypto\o_str.cossl_hexstr2buf_sepbuf2hexstr_sepcrypto\packet.ccrypto\param_build.cparam_push_numpush_BNNegative big numbers are unsupported for OSSL_PARAM_UNSIGNED_INTEGEROSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_push_octet_ptrOSSL_PARAM_BLD_to_paramossl_param_build_set_bn_padcrypto\param_build_set.ccopy_integercrypto\params.cunsigned_from_signedgeneral_get_in
Source: Binary string: R:\sqlite\sqlite3.pdb source: sqlite3.dll.1.dr
Source: Binary string: C:\github\dca\openssl\libcrypto-3-x64.pdb source: libcrypto-3-x64.dll.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_svc\esrv_svc.pdb source: esrv_svc.exe.1.dr
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\intel_sur_sysprep\intel_sur_sysprep.pdb source: intel_sur_sysprep.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\perfmon.pdb source: perfmon.pyd.1.dr
Source: Binary string: e:\build_agent\workspace\laternrock_crashlog-win_main\Src\bin\x64\Release Static\crashlog_extractor.pdb2 source: crashlog_extractor.exe.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-312\Release\win32trace.pdb source: win32trace.pyd.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: VCRUNTIME140.dll.1.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: libssl-3.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb source: msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Binary contains a suspicious time stamp
Source: DSADcaIntegration.dll.1.dr Static PE information: 0xB9BEFE61 [Mon Oct 1 07:25:21 2068 UTC]
PE file contains an invalid checksum
Source: IntelSoftwareAssetManagerService.exe.1.dr Static PE information: real checksum: 0x4b4715 should be: 0x4bab14
PE file contains sections with non-standard names
Source: crashlog_extractor.exe.1.dr Static PE information: section name: _RDATA
Source: libcrypto-3.dll.1.dr Static PE information: section name: .00cfg
Source: libssl-3.dll.1.dr Static PE information: section name: .00cfg
Source: python312.dll.1.dr Static PE information: section name: PyRuntim
Uses code obfuscation techniques (call, push, ret)
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Code function: 13_2_00007FF848A98CB5 push eax; iretd 13_2_00007FF848A98CCD

Persistence and Installation Behavior
barindex
Sample is not signed and drops a device driver
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sys Jump to behavior
Drops PE files
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\EntityFramework.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\shell_executor.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DriverDetection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\PhatAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\TextExtractorAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32service.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI790E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_queue.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemUsageByFgndAppAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link_helper.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\VCRUNTIME140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32evtlog.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7C5E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\EventLogCollection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sys Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI81CD.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\OSSystemAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\analyzer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8665.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\HeartBeatAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\HWMetaTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI880C.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\WifiAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32inet.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7C3E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\ScheduleUpdates.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_desktop_mapper_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\IntelFgndAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_daq.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32security.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_phat_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pyexpat.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32process.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pythoncom312.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\FPSAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libcrypto-3.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI796D.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\SleepStudyAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32event.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_security.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_extractor.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\python312.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_elementtree.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DttEtlAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\UserWaitTimeAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI822C.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pywintypes312.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\ProcessAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI85F7.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_watcher_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI77D5.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32api.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_csme_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\servicemanager.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libffi-8.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32file.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32profile.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libssl-3.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\ICIP\Config.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sur_sysprep.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_decimal.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\libcrypto-3-x64.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_audio_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_etw_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8356.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_thread_monitor.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\FgndBackgrndAppsAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_display_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.EF6.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32ts.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64\UpdateServiceProxy64.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\_win32sysloader.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\GenericSqlATLSupport.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_lzma.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_crashlog_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\HWPowerStatsTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI97EC.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32trace.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\perfmon.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32pipe.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\NetworkBandwidthAnalyzerTask.dll Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8665.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI880C.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7C5E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI822C.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI81CD.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI97EC.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8356.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI85F7.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI796D.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7C3E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI77D5.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI790E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\LICENSE.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\licenses.txt Jump to behavior
Uses cacls to modify the permissions of files
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\icacls.exe "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: esrv_svc.exe.1.dr Binary or memory string: WINE_GET_UNIX_FILE_NAME
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Memory allocated: 20B65E10000 memory reserve | memory write watch Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Memory allocated: 20B7F880000 memory reserve | memory write watch Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\EntityFramework.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\shell_executor.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DriverDetection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\PhatAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\TextExtractorAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32service.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI790E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_queue.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\SystemUsageByFgndAppAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\VCRUNTIME140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link_helper.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32evtlog.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI7C5E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\EventLogCollection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sys Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI81CD.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\OSSystemAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\analyzer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI8665.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\HeartBeatAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\HWMetaTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI880C.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\WifiAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32inet.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI7C3E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\ScheduleUpdates.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_desktop_mapper_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\IntelFgndAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_daq.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_phat_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32security.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pyexpat.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32process.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pythoncom312.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\FPSAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libcrypto-3.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI796D.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\SleepStudyAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32event.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_security.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_extractor.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\python312.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_elementtree.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DttEtlAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\UserWaitTimeAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI822C.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pywintypes312.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\ProcessAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI85F7.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_watcher_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI77D5.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_csme_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32api.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\servicemanager.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libffi-8.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32file.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32profile.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libssl-3.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\ICIP\Config.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sur_sysprep.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_decimal.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\libcrypto-3-x64.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_audio_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_etw_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI8356.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\FgndBackgrndAppsAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_thread_monitor.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_display_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.EF6.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32ts.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64\UpdateServiceProxy64.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\_win32sysloader.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\GenericSqlATLSupport.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_lzma.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_crashlog_input.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\HWPowerStatsTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI97EC.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32trace.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\perfmon.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\B2D17E516404D9B48ABBBECFC51CD268\2.4.10717\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32\win32pipe.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Intel\SUR\QUEENCREEK\NetworkBandwidthAnalyzerTask.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: esrv_svc.exe.1.dr Binary or memory string: VMware-
Source: esrv_svc.exe.1.dr Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Memory allocated: page read and write | page guard Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe "C:\Program Files\Intel\SUR\ICIP\SurConsent.exe" -install Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c cd "C:\Program Files\Intel\SUR\QUEENCREEK\" && if exist SurSvc.exe (start /b /wait /d "C:\Program Files\Intel\SUR\QUEENCREEK\" SurSvc.exe /uninstall) Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe "CMD" /C RMDIR /S /Q "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\" && RMDIR /S /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\" Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\icacls.exe "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Queries volume information: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe VolumeInformation Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Queries volume information: C:\Program Files\Intel\SUR\ICIP\Config.dll VolumeInformation Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Adds / modifies Windows certificates
Source: C:\Windows\System32\msiexec.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1426575 Sample: WIN_DCA_2.4.0.10717_sursvc_qh.msi Startdate: 16/04/2024 Architecture: WINDOWS Score: 26 42 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 2->42 44 .NET source code contains very large strings 2->44 8 msiexec.exe 268 206 2->8         started        12 msiexec.exe 5 2->12         started        process3 file4 34 C:\Program Files\Intel\...\semav6msr64.sys, PE32+ 8->34 dropped 36 C:\Program Files\Intel\SUR\...\bertreader.sys, PE32+ 8->36 dropped 38 C:\Windows\Installer\MSI97EC.tmp, PE32 8->38 dropped 40 138 other files (none is malicious) 8->40 dropped 46 Sample is not signed and drops a device driver 8->46 14 msiexec.exe 8->14         started        16 SurConsent.exe 1 3 8->16         started        18 msiexec.exe 8->18         started        20 msiexec.exe 8->20         started        signatures5 process6 process7 22 cmd.exe 1 14->22         started        24 icacls.exe 1 14->24         started        26 cmd.exe 1 14->26         started        process8 28 conhost.exe 22->28         started        30 conhost.exe 24->30         started        32 conhost.exe 26->32         started       
No contacted IP infos