What is Intel-Driver-and-Support-Assistant-Installer.exe?

Intel-Driver-and-Support-Assistant-Installer.exe is part of Intel® Driver & Support Assistant and, according to the file's version information, was developed by Intel.

Intel-Driver-and-Support-Assistant-Installer.exe's description is "Intel® Driver & Support Assistant".

Intel-Driver-and-Support-Assistant-Installer.exe is digitally signed by IDSA Production signing key.

Intel-Driver-and-Support-Assistant-Installer.exe is usually located in the 'c:\users\%USERNAME%\downloads\' folder.

None of the anti-virus scanners at VirusTotal reports anything malicious about Intel-Driver-and-Support-Assistant-Installer.exe.

If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.

Vendor and version information

The following is the available information on Intel-Driver-and-Support-Assistant-Installer.exe:

Property: Value
Product name: Intel® Driver & Support Assistant
Company name: Intel
File description: Intel® Driver & Support Assistant
Internal name: setup
Original filename: Intel-Driver-and-Support-Assistant-Installer.exe
Legal copyright: Copyright © Intel Corporation. All rights reserved.
Product version: 19.11.46.6
File version: 19.11.46.6

Digital signatures

Intel-Driver-and-Support-Assistant-Installer.exe has a valid digital signature.

Property: Value
Signer name: IDSA Production signing key
Certificate issuer name: Intel External Issuing CA 7B
Certificate serial number: 5600000965070d4582c6239c85000000000965

VirusTotal report

None of the 70 anti-virus programs at VirusTotal detected the Intel-Driver-and-Support-Assistant-Installer.exe file.

Sandbox Report

The following information was gathered by executing the file inside Cuckoo Sandbox.

Summary

Successfully executed process in sandbox.

Summary

{
    "file_created": [
        "C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperApplicationData.xml",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperCore.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\it\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\de\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1055\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\pt-BR\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1036\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1041\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1053\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1060\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1045\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1035\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1031\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1051\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperUI.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperCore.config",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1030\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.be\\Intel-Driver-and-Support-Assistant-Installer.exe",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbahost.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1040\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\ja\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperCommonUI.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1043\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.thm",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1042\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\2070\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1028\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1044\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\ko\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1032\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\fr\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1038\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\2052\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1046\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1049\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.png",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\zh-TW\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1029\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\zh-CN\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\ru\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\3082\\mbapreq.wxl",
        "C:\\Users\\cuck\\AppData\\Local\\Temp\\Intel\u00ae_Driver_&_Support_Assistant_20191126151315.log",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\es\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\GalaSoft.MvvmLight.dll"
    ],
    "directory_created": [
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1044\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1060\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1035\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1036\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1031\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.be",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1028\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1053\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1038\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\ko\\",
        "C:\\Users\\cuck\\AppData\\Local\\Temp\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1042\\",
        "C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\2070\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\de\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\ja\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1040\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1046\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1045\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\zh-TW\\",
        "C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\zh-CN\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\3082\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1049\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1032\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1030\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\pt-BR\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\ru\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\es\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\fr\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1029\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\2052\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\it\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1055\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1043\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1041\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1051\\"
    ],
    "dll_loaded": [
        "C:\\Windows\\system32\\wininet.dll",
        "C:\\Windows\\system32\\feclient.dll",
        "C:\\Windows\\system32\\clbcatq.dll",
        "kernel32",
        "api-ms-win-core-localization-l1-2-1",
        "kernel32.dll",
        "UxTheme.dll",
        "C:\\Windows\\system32\\msi.dll",
        "C:\\Windows\\system32\\ole32.dll",
        "dwmapi.dll",
        "api-ms-win-core-synch-l1-2-0",
        "C:\\Windows\\system32\\uxtheme.dll",
        "C:\\Windows\\syswow64\\MSCTF.dll",
        "C:\\Windows\\system32\\cabinet.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbahost.dll",
        "C:\\Windows\\system32\\msasn1.dll",
        "OLEAUT32.DLL",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.dll",
        "C:\\Windows\\system32\\comres.dll",
        "WindowsCodecs.dll",
        "C:\\Windows\\system32\\version.dll",
        "CLBCatQ.DLL",
        "comctl32.dll",
        "feclient.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\bafunctions.dll",
        "VERSION.dll",
        "C:\\Windows\\system32\\AdvApi32.dll",
        "api-ms-win-core-fibers-l1-1-1",
        "msi.dll",
        "C:\\Windows\\system32\\crypt32.dll",
        "C:\\Windows\\system32\\Msi.dll",
        "Cabinet.dll"
    ],
    "file_opened": [
        "C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperApplicationData.xml",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.wxl",
        "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.thm",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperCore.config",
        "C:\\Users\\cuck\\AppData\\Local\\Temp\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.png"
    ],
    "regkey_opened": [
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\UpgradeCodes\\F049816DEBE34E9428989DA923D628AA",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6f1bfc2f-3587-45bb-8507-64d06f75e0d6}.RebootRequired",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\2783319AEF9CCC54F8101D49B7F090AE\\InstallProperties",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\UpgradeCodes\\5B39AB9FBC0678442BF9BD218D6A9152",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Dependencies\\{6f1bfc2f-3587-45bb-8507-64d06f75e0d6}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\UpgradeCodes\\F049816DEBE34E9428989DA923D628AA",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 60.0.2 (x86 sv-SE)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\WiX\\Burn",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\UpgradeCodes\\60DB5E5629367203C8625813703DFCA1",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Dependencies\\{6f1bfc2f-3587-45bb-8507-64d06f75e0d6}\\Dependents\\{6f1bfc2f-3587-45bb-8507-64d06f75e0d6}",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\UpgradeCodes\\60DB5E5629367203C8625813703DFCA1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Msxml2.DOMDocument\\CLSID",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\78009913548E41748B2D5740799D3014\\InstallProperties",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\UpgradeCodes\\5B39AB9FBC0678442BF9BD218D6A9152",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Client",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Installer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin",
        "HKEY_CURRENT_USER\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX",
        "HKEY_CLASSES_ROOT\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\UpgradeCodes\\F049816DEBE34E9428989DA923D628AA",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Products\\78009913548E41748B2D5740799D3014",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\UpgradeCodes\\60DB5E5629367203C8625813703DFCA1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Dependencies\\{A9133872-C9FE-45CC-8F01-D1947B0F09EA}",
        "HKEY_CURRENT_USER\\Msxml2.DOMDocument",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6f1bfc2f-3587-45bb-8507-64d06f75e0d6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\Progid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
        "HKEY_CLASSES_ROOT\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\TreatAs",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\FileSystem",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Dependencies\\{31990087-E845-4714-B8D2-750497D90341}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\UpgradeCodes\\5B39AB9FBC0678442BF9BD218D6A9152",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
        "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Products\\2783319AEF9CCC54F8101D49B7F090AE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData"
    ],
    "command_line": [
        "\"C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin\" -burn.clean.room=\"C:\\Users\\cuck\\AppData\\Local\\Temp\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin\" -burn.filehandle.attached=192 -burn.filehandle.self=200 "
    ],
    "file_written": [
        "C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperApplicationData.xml",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperCore.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\it\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\de\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1055\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\pt-BR\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1036\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1041\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1053\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1060\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1045\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1035\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1031\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1051\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperUI.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperCore.config",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1030\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.be\\Intel-Driver-and-Support-Assistant-Installer.exe",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbahost.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1040\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\ja\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperCommonUI.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1043\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.thm",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1042\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\2070\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1028\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1044\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\ko\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1032\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\fr\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1038\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\2052\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1046\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1049\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.png",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\zh-TW\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1029\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\zh-CN\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\ru\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\3082\\mbapreq.wxl",
        "C:\\Users\\cuck\\AppData\\Local\\Temp\\Intel\u00ae_Driver_&_Support_Assistant_20191126151315.log",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\es\\BootstrapperCommonUI.Resources.dll",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\GalaSoft.MvvmLight.dll"
    ],
    "file_exists": [
        "C:\\ProgramData\\Package Cache\\C42E6ED280290648BBD59F664008852F4CFE4548\\",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\",
        "C:\\ProgramData\\Package Cache\\{31990087-E845-4714-B8D2-750497D90341}v19.11.46.6\\",
        "C:\\ProgramData\\Package Cache\\507ECDADC23A27C2283BA130A2AA51650E6BC05B\\",
        "C:\\ProgramData\\Package Cache\\72211BD2E7DFC91EA7C8FAC549C49C0543BA791B\\",
        "C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\",
        "C:\\ProgramData\\Package Cache\\{A9133872-C9FE-45CC-8F01-D1947B0F09EA}v2.4.04755\\"
    ],
    "guid": [
        "{f6d90f11-9c73-11d3-b32e-00c04f990bb4}",
        "{56fdf344-fd6d-11d0-958a-006097c9a090}",
        "{2933bf81-7b36-11d2-b20e-00c04f983e60}",
        "{ea1afb91-9e28-4b86-90e9-9e9f8a5eefaf}"
    ],
    "file_read": [
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperApplicationData.xml",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.thm",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperCore.config",
        "C:\\Users\\cuck\\AppData\\Local\\Temp\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.png"
    ],
    "regkey_read": [
        "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook\\BundleUpgradeCode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData\\BundleAddonCode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore\\BundleDetectCode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent\\BundleUpgradeCode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack\\BundleUpgradeCode",
        "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC\\BundleAddonCode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\ProgID\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40\\BundleDetectCode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 60.0.2 (x86 sv-SE)\\BundleDetectCode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\CurrentBuild",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data\\BundleUpgradeCode"
    ],
    "directory_enumerated": [
        "C:\\ProgramData\\Package Cache\\{6f1bfc2f-3587-45bb-8507-64d06f75e0d6}\\Intel-Driver-and-Support-Assistant-Installer.exe",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.thm",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.wxl",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1033\\mbapreq.thm",
        "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1033\\mbapreq.wxl"
    ]
}

Dropped

[
    {
        "yara": [],
        "sha1": "e76629973f6c1cfc06f60ba64fe9f237b2db9698",
        "name": "f4aa983e39fb29c9_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1045\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "f4aa983e39fb29c95e3306082f034b3a43e1d26489c997b8e6697b6a3b2f9f3c",
        "urls": [],
        "crc32": "2E2AA59C",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/f4aa983e39fb29c9_mbapreq.wxl",
        "ssdeep": null,
        "size": 2368,
        "sha512": "964f73e572bdcb1ad946c770e6a2fb4a1ce54af4b5bb072f64256083ba27a223f4dad4a95b9d2a646180806d1f977726147970b06aac35eed75aec6ca89ed337",
        "pids": [
            2588
        ],
        "md5": "96acaaa5aef7798e9048baff4c3fa8d3"
    },
    {
        "yara": [],
        "sha1": "e831e8978a48beafa04aad52a564b7eaded4311d",
        "name": "cac263e0e90a4087_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1030\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "cac263e0e90a4087446a290055257b1c39f17e11f065598cb2286df4332c7696",
        "urls": [],
        "crc32": "31F17E6E",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/cac263e0e90a4087_mbapreq.wxl",
        "ssdeep": null,
        "size": 2286,
        "sha512": "2a02415a3e5f073f4530fd87c97b685d95b8c0e1b15efd185cc5cb046fcf1d0dce28db9889ad52588b96fe01841a7a61f6b7d6d2f669eab10a8926c46b8e93d1",
        "pids": [
            2588
        ],
        "md5": "7c6e4ce87870b3b5e71d3ef4555500f8"
    },
    {
        "yara": [],
        "sha1": "2d90041869c1e4286be5185c717f74993987d544",
        "name": "1ea58302a7194b0e_bootstrapperapplicationdata.xml",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperApplicationData.xml",
        "type": "XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators",
        "sha256": "1ea58302a7194b0ea0458be9f631ccba86176d19dc56095f2ecf693a86da3c65",
        "urls": [],
        "crc32": "EA6FCE36",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/1ea58302a7194b0e_bootstrapperapplicationdata.xml",
        "ssdeep": null,
        "size": 8900,
        "sha512": "61311321690ddee2611846377ce047d5eaff4f1938cc168823c4eb50a025919c34922bd5e739e6eb4658bcf75c2695f239183f7437f8e72e9004c40966f4a976",
        "pids": [
            2588
        ],
        "md5": "3e2c93ce14c9b52b0dbb2c41769d6307"
    },
    {
        "yara": [],
        "sha1": "2b066523410abe8790295109653475a847cf615e",
        "name": "1baeed7abb34795a_bootstrappercommonui.resources.dll",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\pt-BR\\BootstrapperCommonUI.Resources.dll",
        "type": "PE32 executable (DLL) (console) Intel 80386 Mono\/.Net assembly, for MS Windows",
        "sha256": "1baeed7abb34795a483881e703dba23363b5776d096cb2b02bf6f913a0a9638b",
        "urls": [],
        "crc32": "81E44CDA",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/1baeed7abb34795a_bootstrappercommonui.resources.dll",
        "ssdeep": null,
        "size": 21504,
        "sha512": "22cae790613697ae5c2851e030e6d601c4a0406e843f48f66ff0fed6ba21d8d977638684a1f780f5d944249306b0d04c8df451ad44853048c6c6bad4883f06dd",
        "pids": [
            2588
        ],
        "md5": "265e623a75a4b802d24247070fe812c7"
    },
    {
        "yara": [],
        "sha1": "11577021465379e9d1ff4260e607149ba5dfa6b3",
        "name": "c63de5f309502f92_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.wxl",
        "type": "XML 1.0 document, ASCII text, with CRLF line terminators",
        "sha256": "c63de5f309502f9272402587a6be22624d1bc2feacd1bd33fb11e44cd6614b96",
        "urls": [],
        "crc32": "AAB98835",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/c63de5f309502f92_mbapreq.wxl",
        "ssdeep": null,
        "size": 2464,
        "sha512": "ae791c1f05821167f1d2e1d07dbf95fe7e72b35b3e4b1e22720006c7a672b1330b748414792392b0e806f111aa4efc1c424f4479ebde349e3f079792dbb3bf47",
        "pids": [
            2588
        ],
        "md5": "4d2c8d10c5dcca6b938b71c8f02ca8a8"
    },
    {
        "yara": [],
        "sha1": "4e44e656a0d552b2ffd65911cb45245364e5dbf3",
        "name": "631d46cb048fb6cf_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1031\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "631d46cb048fb6cf0b9a1362f8e5a1854c46e9525a0260c7841a04b2316c8295",
        "urls": [],
        "crc32": "4A99111D",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/631d46cb048fb6cf_mbapreq.wxl",
        "ssdeep": null,
        "size": 2442,
        "sha512": "fd7e8896f9414f0db7a88f926f55ee24e0591da676f330200bc6bb829eb32648d90d3094e0011bfe36c7ba8be41dfd74b12d444afea0d2866801258da4fa16e8",
        "pids": [
            2588
        ],
        "md5": "c8e7e0b4e63b3076047b7f49c76d56e1"
    },
    {
        "yara": [],
        "sha1": "c0a18c8c5bcd7b88c384b5304b56eeb85a0da3dc",
        "name": "ccdcdb111efa152c_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1041\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "ccdcdb111efa152c5f9ff4930033698b843390a549699ae802098d87431f16fe",
        "urls": [],
        "crc32": "49BCD237",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/ccdcdb111efa152c_mbapreq.wxl",
        "ssdeep": null,
        "size": 2545,
        "sha512": "589522bd4a26bf54ccf3564e392e41bbba4e7b3fd1ed74e7f4f6ad6f2e65cde11fff32d0c5f3bcd09052fe5110fdc361d1926e220fd0bad2d38cac21bbe93211",
        "pids": [
            2588
        ],
        "md5": "db0f5bab42403fd67c0a18e35e6880ec"
    },
    {
        "yara": [],
        "sha1": "22234426c42637e069a46217019551e4434a4ab6",
        "name": "06bfb6dfbc38105c_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1055\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "06bfb6dfbc38105c699dea226a029df3ef673c33e4b8928dc4ec7fb8f761487d",
        "urls": [],
        "crc32": "80DA48EC",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/06bfb6dfbc38105c_mbapreq.wxl",
        "ssdeep": null,
        "size": 2303,
        "sha512": "8bdcf7533a6bcfa231b42a7ef845a70c7535fbf607d62ff6404928d5941ba6afbf139450a1a1b58c65facf88dc0785aec4abefbcc803466a58b1930f7c468cdd",
        "pids": [
            2588
        ],
        "md5": "01b200e06ba600a4ef00c00f7aac5ce4"
    },
    {
        "yara": [],
        "sha1": "f20c7db38b3161b143dec4e578ce71d7f585f436",
        "name": "4a7fdf4a9033fe05_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1051\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "4a7fdf4a9033fe05c31f565ed3ae5b8c67d324b7aeadb737ce95dbb416d46868",
        "urls": [],
        "crc32": "A0E9EF21",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/4a7fdf4a9033fe05_mbapreq.wxl",
        "ssdeep": null,
        "size": 2334,
        "sha512": "310c85b27e1ecf4c6729e88051037150cfba0234a0138666c26662b3d665ff38b74e95abcaddeef6cbebb23e3357fac487e6ee5eb8fe158c269d77672191b042",
        "pids": [
            2588
        ],
        "md5": "016c278e515f87f589ad22c856b201f7"
    },
    {
        "yara": [],
        "sha1": "f80b1f416539d33206ce3c24ba3b14b799a84813",
        "name": "a40c94eb33f8841c_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1040\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "a40c94eb33f8841c79e9f6958433affd517f97b4570f731666af572e63178bb7",
        "urls": [],
        "crc32": "2895C5D4",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/a40c94eb33f8841c_mbapreq.wxl",
        "ssdeep": null,
        "size": 2304,
        "sha512": "bbd9794181eec95d6be7a1b7ba83fd61af2b2df61d9da8dda2788b61bec53c30fcefe5222edf134166532b36d3ab6ce8996f2d670dc6907c1864af881a21ea40",
        "pids": [
            2588
        ],
        "md5": "50261379b89457b1980ff19cfabe6a08"
    },
    {
        "yara": [],
        "sha1": "0156b230cadd6169ac2820865e3c031ed79785ef",
        "name": "c91c9e87ab4a6db0_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1049\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "c91c9e87ab4a6db078f1991f4a2cdc726b58a40e47bce49d39168a8f8f151c3b",
        "urls": [],
        "crc32": "8A30533C",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/c91c9e87ab4a6db0_mbapreq.wxl",
        "ssdeep": null,
        "size": 2880,
        "sha512": "5e87ee3838e3595adbd7eaba6e3e33cdfea5e15ed716fbccdbd55235b3e53e1e41ea5a907f425e96c35167543c7f75ac5214b5aee177d299fc2464a68b22851e",
        "pids": [
            2588
        ],
        "md5": "daf167af4031ef47e562056a7d51aa73"
    },
    {
        "yara": [],
        "sha1": "5d5acbc56e7078af4d04c45b78c0ff090c02ee6a",
        "name": "6dd61cc6b87b53ea_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1053\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "6dd61cc6b87b53eaf28430068a2a459730fd4b2bcf876ccdf040212d04c4fe7d",
        "urls": [],
        "crc32": "61D80120",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/6dd61cc6b87b53ea_mbapreq.wxl",
        "ssdeep": null,
        "size": 2132,
        "sha512": "9e4ba81a145574818dd6a1f1d0ec38ea1629c7771919c35923f440e31ea9912e1630d94fcdb82b71104ebd61d0321dcdf935ba20d69988ee6e9b22259186af0c",
        "pids": [
            2588
        ],
        "md5": "d95e81164c57b6fd75e7c3022454192e"
    },
    {
        "yara": [],
        "sha1": "9252a309c1cb32573f4d58a595a78660fdf54b2f",
        "name": "b884c4abb8867553_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\3082\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "b884c4abb8867553c1ffadd6721c2135ec5f9f1455c3f668d711ccea65363d1a",
        "urls": [],
        "crc32": "2E4AD29A",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/b884c4abb8867553_mbapreq.wxl",
        "ssdeep": null,
        "size": 2400,
        "sha512": "77e6dd332104c0461b7c5a08469161af3f1dc51d3b55585d39dd9fc9e2088da036bdf2278cfb96ca702fd26ce073c6c6f66611313270700b9e7a76600c1c8e38",
        "pids": [
            2588
        ],
        "md5": "1024aa88ae01bc7ba797193cc6023375"
    },
    {
        "yara": [],
        "sha1": "f96ab8f441e4189f12a8229233594f974dfdb938",
        "name": "2d9a5d6e6452c035_bootstrappercommonui.resources.dll",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\fr\\BootstrapperCommonUI.Resources.dll",
        "type": "PE32 executable (DLL) (console) Intel 80386 Mono\/.Net assembly, for MS Windows",
        "sha256": "2d9a5d6e6452c035601335f89ab542bff4e288a6aaee68cc536dbf3f96a41641",
        "urls": [],
        "crc32": "901ADA21",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/2d9a5d6e6452c035_bootstrappercommonui.resources.dll",
        "ssdeep": null,
        "size": 23040,
        "sha512": "e3e594af3bf6bbc602af1ea3d3da2c78cf18efa453d35fa6ada5018896a32a9f11b81685a49b29aed29e866bfe3a4ca9caa2cc9f810d9377e61a8eb4d0fe91fa",
        "pids": [
            2588
        ],
        "md5": "00c000f67f0b6db9a5c299ddc44f1084"
    },
    {
        "yara": [],
        "sha1": "67496db91cbaa85ac0727b12fc2d35e990537dac",
        "name": "d22f6ada97dbffc1_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1042\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "d22f6ada97dbffc1e7548e52163807f982b30b11a2a5109e71f42985102cccbd",
        "urls": [],
        "crc32": "13CA2993",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/d22f6ada97dbffc1_mbapreq.wxl",
        "ssdeep": null,
        "size": 2236,
        "sha512": "a350eaf9e7aeafab1163d7c0b8d014afe07ee98bae3915cbdd3c26282e345a0838e853c89bae8943474758dcbcfd0bb0724a0c75cbf969f321fab4944e8704fd",
        "pids": [
            2588
        ],
        "md5": "442f8463ef5ca42b99b2efaca696bd01"
    },
    {
        "yara": [],
        "sha1": "bca088ab33cfb69adeae11a272e9c8a83f39a8c9",
        "name": "886cb2a994461f09_bootstrappercore.dll",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperCore.dll",
        "type": "PE32 executable (DLL) (console) Intel 80386 Mono\/.Net assembly, for MS Windows",
        "sha256": "886cb2a994461f091752fc7b21e3143c212efd8841c757909e74ac32761880da",
        "urls": [],
        "crc32": "F8215505",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/886cb2a994461f09_bootstrappercore.dll",
        "ssdeep": null,
        "size": 81920,
        "sha512": "df2ca029e95f80fc5870e541db8b1d5a03266307bb5f7680ad630868a9a3c584b3a702fbec09c26fef7287c99f5d9d1f59cd59b74dcf740c9a8e7508e07d18b5",
        "pids": [
            2588
        ],
        "md5": "c4f7146ddc56763ccdb1cb3c09478708"
    },
    {
        "yara": [],
        "sha1": "4cd21661e341080fb8c2defd9f32f134561fc3ba",
        "name": "88e7ddacd6b714d9_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1036\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "88e7ddacd6b714d94d5322876bd50051479b7a0c686dc2e9eb06b3b7a0bc06c9",
        "urls": [],
        "crc32": "D317E7F4",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/88e7ddacd6b714d9_mbapreq.wxl",
        "ssdeep": null,
        "size": 2306,
        "sha512": "78e201f369e65535e25722dfc0efe99edf641f7c14eff1526dc1cc047ff11640079f1e3d25c9072cf25f4804195891be006fc5ed313063afcb91fb5700120b88",
        "pids": [
            2588
        ],
        "md5": "aa32a059aadd42431f7837cb1be7257f"
    },
    {
        "yara": [],
        "sha1": "df53ed9440d027401d502f3297668009030350a7",
        "name": "7b9f919a3d1974fd_mbapreq.dll",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.dll",
        "type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
        "sha256": "7b9f919a3d1974fd8fa35ad189edc8bf287f476bd377e713e616b26864a4b0d3",
        "urls": [],
        "crc32": "6778E6CA",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/7b9f919a3d1974fd_mbapreq.dll",
        "ssdeep": null,
        "size": 179200,
        "sha512": "1a29e9e9bd798c892a7cd3cd4ff259195e4a92e26f53e8f1a86c75c5eb8fdda58ceba312cd791651fad5ce04529696195815a4ba5c143ad52a5ea0d7c539bb77",
        "pids": [
            2588
        ],
        "md5": "8ca04519005ad03b4d9e062b97d7f79d"
    },
    {
        "yara": [],
        "sha1": "57cd14588f54ad1aa163229e541cd79e47831df5",
        "name": "7c9d575b8fd20f20_bootstrappercommonui.resources.dll",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\zh-CN\\BootstrapperCommonUI.Resources.dll",
        "type": "PE32 executable (DLL) (console) Intel 80386 Mono\/.Net assembly, for MS Windows",
        "sha256": "7c9d575b8fd20f209002b3f8b46068f878aa45cef3bd0f29aaba189063733a7a",
        "urls": [],
        "crc32": "BE8BAF0A",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/7c9d575b8fd20f20_bootstrappercommonui.resources.dll",
        "ssdeep": null,
        "size": 17408,
        "sha512": "7f5747a669e9a19a0eb6e5faf58276c4770ad054435622f200921c67f3eaf65fde390376b6cea95d6999067609e1131d7b6827fb273ffe6ca081e30bb1b061c7",
        "pids": [
            2588
        ],
        "md5": "1d4345071e08c220c456f388efc1454c"
    },
    {
        "yara": [],
        "sha1": "0e26454a9db9d2553172dfd0980740516b25276e",
        "name": "fea9a58ecbe3f873_intel\u00c2\u00ae_driver_&_support_assistant_20191126151315.log",
        "type": "UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "fea9a58ecbe3f8734e05bc2f41f3ba3bc65ff3ba873444679e205e1146c3a98b",
        "urls": [],
        "crc32": "2F19091A",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/fea9a58ecbe3f873_intel\u00c2\u00ae_driver_&_support_assistant_20191126151315.log",
        "ssdeep": null,
        "size": 5601,
        "sha512": "0c0dbf8e25e88cd9840f4bad68cd0fdfbd7c763069534ab970c8aa5dd62c59e2b1cd60bfc5cadc6e9c95287ccf698a7b3760db58401c16b78e60e75f9611437d",
        "md5": "f2a56f27df89b4a5761ab539c9f55b78"
    },
    {
        "yara": [],
        "sha1": "85d843b7248a5e1173ff9bd59cb73bb505f69b66",
        "name": "226b778604236931_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1043\\mbapreq.wxl",
        "type": "XML 1.0 document, ASCII text, with CRLF line terminators",
        "sha256": "226b778604236931b4ae45f6f272586c884a11517444a34bf45cd5cae49be62e",
        "urls": [],
        "crc32": "4083F126",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/226b778604236931_mbapreq.wxl",
        "ssdeep": null,
        "size": 2312,
        "sha512": "7bc7d3e6e19ecf865b2cabfc46c75d516561d5a8a81a8ed55b4edba41a13a7110f474473740200afb035b9597a2511d08c2a2e7a9ade2c2ab4d3f168944b8328",
        "pids": [
            2588
        ],
        "md5": "67f28bcdb3ba6774cd66aa198b06ff38"
    },
    {
        "yara": [],
        "sha1": "241a57018ace1210881583a9cf646e7d2e51412f",
        "name": "41545ac1247b61c3_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1044\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "41545ac1247b61c3c3e2a7e4659d9fad2bcca8347c69f2eb7b9d0cf5fc31e113",
        "urls": [],
        "crc32": "DCBDAF22",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/41545ac1247b61c3_mbapreq.wxl",
        "ssdeep": null,
        "size": 2171,
        "sha512": "40e311eada299996e32a7d35223ca678a03c869d63c023d59bc97a7b2049b0252aa9d0a7ec8558d5acb73bd14c7bfa913097e65abee7455658db7e35bbda8ae1",
        "pids": [
            2588
        ],
        "md5": "5454f724c9cdab8172678a1cc7057220"
    },
    {
        "yara": [],
        "sha1": "a6e0fa91cd50048511c7bef1be3a8d32b42b6d1f",
        "name": "89c559c6765f8d64_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\2052\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "89c559c6765f8d643469e3c8f4aa93023f09369b0395ea647fad5af3c2893eb6",
        "urls": [],
        "crc32": "6BE387C5",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/89c559c6765f8d64_mbapreq.wxl",
        "ssdeep": null,
        "size": 1980,
        "sha512": "0f1d7bc4fd64e18eeec488cdce01fb6bfa5cd3bff614a8d03e388d39f569b8341e74302946877eb25ba1eb17aec137499189605e251fafb6b20051744cb463b1",
        "pids": [
            2588
        ],
        "md5": "a34dcf7771198c779648b89156483e83"
    },
    {
        "yara": [],
        "sha1": "1b3ed82655aec8a52daec60f8674bc7e07f8cfeb",
        "name": "1b93556f07c35ac0_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1028\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "1b93556f07c35ac0564d57e0743ccba231950962c6506c8d4a74a31cd66fd04c",
        "urls": [],
        "crc32": "4D05D825",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/1b93556f07c35ac0_mbapreq.wxl",
        "ssdeep": null,
        "size": 2025,
        "sha512": "c6ccb188281f161debf02dcdde24b77d8d14943deed8852e77e5afb18f3f62683ab1ae06dceb1e09d53804a76df6400a360712d8e7e228b7f971054bb4fb2496",
        "pids": [
            2588
        ],
        "md5": "1d4b831f77efec96ffbc70bc4b59b8b5"
    },
    {
        "yara": [],
        "sha1": "74c131b5fd80446ffdf2afad723762dd36621309",
        "name": "f8c3a03f47f0b9b3_mbapreq.thm",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.thm",
        "type": "XML 1.0 document, ASCII text, with CRLF line terminators",
        "sha256": "f8c3a03f47f0b9b3c20f0522a2481da28c77fecdbb302f8dd8fbed87758cbaea",
        "urls": [
            "http:\/\/wixtoolset.org\/schemas\/thmutil\/2010"
        ],
        "crc32": "44760318",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/f8c3a03f47f0b9b3_mbapreq.thm",
        "ssdeep": null,
        "size": 3915,
        "sha512": "47f34a9f416d223dcbf071e7292a05554af3d27cde67fc8c161c1bed564c6e7fc448c2f482e05f33149c782e09c681bd65730ca00cf9ec68b284128214b75529",
        "pids": [
            2588
        ],
        "md5": "a20778ec90a094a62a6c3a6ab2a6dc7d"
    },
    {
        "yara": [],
        "sha1": "49cd0213a1655dcdb493668083ab2d7f55135381",
        "name": "b925d9d3e1e2c49b_mbahost.dll",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbahost.dll",
        "type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
        "sha256": "b925d9d3e1e2c49bf05a1b0713e2750ee6e0c43c7adc9d3c3a1b9fb8c557c3df",
        "urls": [],
        "crc32": "16CA4DAE",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/b925d9d3e1e2c49b_mbahost.dll",
        "ssdeep": null,
        "size": 113664,
        "sha512": "22ca87979ca68f10b5fda64c27913d0f2a12c359b04e4a6caa3645303fbd47cd598c805fd9a43c8f3e0934e9d2db85f7a4e1eff26cb33d233efc05ee2613cfc1",
        "pids": [
            2588
        ],
        "md5": "d7c697ceb6f40ce91dabfcbe8df08e22"
    },
    {
        "yara": [],
        "sha1": "91d4bdda8d2b703879cfe2c28550e0a46074fa57",
        "name": "b8e90e20edf110aa_mbapreq.wxl",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1032\\mbapreq.wxl",
        "type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
        "sha256": "b8e90e20edf110aaaaea54fbc8533872831777be5589e380cfdd17e1f93147b5",
        "urls": [],
        "crc32": "61FAD742",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/b8e90e20edf110aa_mbapreq.wxl",
        "ssdeep": null,
        "size": 3400,
        "sha512": "28dac36516bcc76bcc598c6e7abde359695f85ab7a830d6adbc844eb240d9fa372cb5a5ce4dbe21e250408c6b246d371d3cdd656d2178fb0ec22dac7d39cbd9f",
        "pids": [
            2588
        ],
        "md5": "074d5921af07e6126049cb45814246ed"
    },
    {
        "yara": [],
        "sha1": "75ae41181581fd6376ca9ca88147011e48bf9a30",
        "name": "a401a225addaf891_mbapreq.png",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.png",
        "type": "PNG image data, 63 x 63, 8-bit\/color RGBA, non-interlaced",
        "sha256": "a401a225addaf89110b4b0f6e8cf94779e7c0640bcdd2d670ffcf05aab0dad03",
        "urls": [],
        "crc32": "D108E74E",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/a401a225addaf891_mbapreq.png",
        "ssdeep": null,
        "size": 797,
        "sha512": "a0f7836aefa1747f481c116f6b085f503b5c09b3a1dd97cd2189f7ce4e6e7ea98f1f66503cba2e6a83e873248cc7507328710dfa670aa5763df8aedcc560285e",
        "pids": [
            2588
        ],
        "md5": "a356956fd269567b8f4612a33802637b"
    },
    {
        "yara": [],
        "sha1": "e8ad4fd609664727638361c3e9042a48abdcc11e",
        "name": "c1fe1c22aa9eb95d_bootstrappercommonui.dll",
        "filepath": "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperCommonUI.dll",
        "type": "PE32 executable (DLL) (console) Intel 80386 Mono\/.Net assembly, for MS Windows",
        "sha256": "c1fe1c22aa9eb95d0b779d5705ec9a5f5ed8c8f9c99a896b196f1d04c1f7486a",
        "urls": [
            "http:\/\/www.intel.ru\/content\/www\/ru\/ru\/privacy\/intel-privacy-notice.html",
            "http:\/\/www.intel.it\/content\/www\/it\/it\/privacy\/intel-privacy-notice.html",
            "http:\/\/www.intel.com.tw\/content\/www\/tw\/zh\/privacy\/intel-privacy-notice.html",
            "http:\/\/www.intel.se\/content\/www\/se\/sv\/privacy\/intel-privacy-notice.html",
            "http:\/\/www.intel.com.br\/content\/www\/br\/pt\/privacy\/intel-privacy-notice.html",
            "http:\/\/www.intel.de\/content\/www\/de\/de\/privacy\/intel-privacy-notice.html",
            "http:\/\/schemas.openxmlformats.org\/markup-compatibility\/2006",
            "http:\/\/www.intel.com.tr\/content\/www\/tr\/tr\/privacy\/intel-privacy-notice.html",
            "http:\/\/www.intel.es\/content\/www\/es\/es\/privacy\/intel-privacy-notice.html",
            "http:\/\/www.intel.nl\/content\/www\/nl\/nl\/privacy\/intel-privacy-notice.html",
            "http:\/\/www.intel.eu\/content\/www\/eu\/en\/privacy\/intel-privacy-notice.html",
            "http:\/\/www.intel.fr\/content\/www\/fr\/fr\/privacy\/intel-privacy-notice.html",
            "http:\/\/intel.co.jp\/privacy",
            "http:\/\/intel.com\/privacy",
            "http:\/\/www.intel.co.kr\/content\/www\/kr\/ko\/privacy\/intel-privacy-notice.html",
            "http:\/\/www.thailand.intel.com\/content\/www\/th\/th\/privacy\/intel-privacy-notice.html",
            "http:\/\/www.intel.pl\/content\/www\/pl\/pl\/privacy\/intel-privacy-notice.html",
            "https:\/\/policy.system-usage-report.intel.com\/faq\/",
            "https:\/\/policy.system-usage-report.intel.com\/faq\/)",
            "http:\/\/www.intel.cn\/content\/www\/cn\/zh\/privacy\/intel-privacy-notice.html"
        ],
        "crc32": "D4EDB4A7",
        "path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3840\/files\/c1fe1c22aa9eb95d_bootstrappercommonui.dll",
        "ssdeep": null,
        "size": 213504,
        "sha512": "8b75d693d7277d4396ea136a6f9163d7236fafbef0e0fb8154c3fe966b772151a0e33ebb33238eea3590ebfe4020e604cd3bf6f9b826080fd9b9130084a547bf",
        "pids": [
            2588
        ],
        "md5": "eab5c3971e0852c21581abfaf14ddb59"
    }
]

Generic

[
    {
        "process_path": "C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin",
        "process_name": "314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin",
        "pid": 2588,
        "summary": {
            "regkey_opened": [
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
                "HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Dependencies\\{A9133872-C9FE-45CC-8F01-D1947B0F09EA}",
                "HKEY_CURRENT_USER\\Msxml2.DOMDocument",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InprocServer32",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6f1bfc2f-3587-45bb-8507-64d06f75e0d6}",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\Progid",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
                "HKEY_CLASSES_ROOT\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\TreatAs",
                "HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
                "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\FileSystem",
                "HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Dependencies\\{31990087-E845-4714-B8D2-750497D90341}",
                "HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\UpgradeCodes\\5B39AB9FBC0678442BF9BD218D6A9152",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
                "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
                "HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Products\\2783319AEF9CCC54F8101D49B7F090AE",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData"
            ],
            "file_written": [
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperApplicationData.xml",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperCore.dll",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\it\\BootstrapperCommonUI.Resources.dll",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\de\\BootstrapperCommonUI.Resources.dll",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1055\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\pt-BR\\BootstrapperCommonUI.Resources.dll",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1036\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1041\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1053\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1060\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1045\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1035\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1031\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1051\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperUI.dll",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperCore.config",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1030\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.be\\Intel-Driver-and-Support-Assistant-Installer.exe",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbahost.dll",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1040\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\ja\\BootstrapperCommonUI.Resources.dll",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperCommonUI.dll",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1043\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.thm",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1042\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.dll",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\2070\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1028\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1044\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\ko\\BootstrapperCommonUI.Resources.dll",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1032\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\fr\\BootstrapperCommonUI.Resources.dll",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1038\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\2052\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1046\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1049\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.png",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\zh-TW\\BootstrapperCommonUI.Resources.dll",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1029\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\zh-CN\\BootstrapperCommonUI.Resources.dll",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\ru\\BootstrapperCommonUI.Resources.dll",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\3082\\mbapreq.wxl",
                "C:\\Users\\cuck\\AppData\\Local\\Temp\\Intel\u00ae_Driver_&_Support_Assistant_20191126151315.log",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\es\\BootstrapperCommonUI.Resources.dll",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\GalaSoft.MvvmLight.dll"
            ],
            "file_exists": [
                "C:\\ProgramData\\Package Cache\\C42E6ED280290648BBD59F664008852F4CFE4548\\",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\",
                "C:\\ProgramData\\Package Cache\\72211BD2E7DFC91EA7C8FAC549C49C0543BA791B\\",
                "C:\\ProgramData\\Package Cache\\507ECDADC23A27C2283BA130A2AA51650E6BC05B\\",
                "C:\\ProgramData\\Package Cache\\{31990087-E845-4714-B8D2-750497D90341}v19.11.46.6\\",
                "C:\\ProgramData\\Package Cache\\{A9133872-C9FE-45CC-8F01-D1947B0F09EA}v2.4.04755\\"
            ],
            "guid": [
                "{f6d90f11-9c73-11d3-b32e-00c04f990bb4}",
                "{56fdf344-fd6d-11d0-958a-006097c9a090}",
                "{2933bf81-7b36-11d2-b20e-00c04f983e60}",
                "{ea1afb91-9e28-4b86-90e9-9e9f8a5eefaf}"
            ],
            "file_read": [
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.thm",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperCore.config",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\BootstrapperApplicationData.xml",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.png"
            ],
            "regkey_read": [
                "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook\\BundleUpgradeCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData\\BundleAddonCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore\\BundleDetectCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent\\BundleUpgradeCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack\\BundleUpgradeCode",
                "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InProcServer32\\(Default)",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC\\BundleAddonCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\ProgID\\(Default)",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40\\BundleDetectCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 60.0.2 (x86 sv-SE)\\BundleDetectCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\CurrentBuild",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore\\BundleAddonCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40\\BundleAddonCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 60.0.2 (x86 sv-SE)\\BundleAddonCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data\\BundlePatchCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40\\BundlePatchCode",
                "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX\\BundlePatchCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InProcServer32\\ThreadingModel",
                "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore\\BundleUpgradeCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC\\BundlePatchCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent\\BundleDetectCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data\\BundleDetectCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack\\BundleAddonCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Windows Error Reporting\\WMR\\Disable",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook\\BundlePatchCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 60.0.2 (x86 sv-SE)\\BundlePatchCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx\\BundleUpgradeCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent\\BundleAddonCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 60.0.2 (x86 sv-SE)\\BundleUpgradeCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore\\BundlePatchCode",
                "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem\\Win31FileSystem",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx\\BundleAddonCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX\\BundleAddonCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager\\BundleUpgradeCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX\\BundleDetectCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData\\BundleDetectCode",
                "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\(Default)",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Msxml2.DOMDocument\\CLSID\\(Default)",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack\\BundlePatchCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager\\BundleDetectCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data\\BundleAddonCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook\\BundleAddonCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData\\BundlePatchCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data\\BundleUpgradeCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40\\BundleUpgradeCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx\\BundleDetectCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InProcServer32\\InprocServer32",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager\\BundleAddonCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack\\BundleDetectCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent\\BundlePatchCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook\\BundleDetectCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData\\BundleUpgradeCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx\\BundlePatchCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager\\BundlePatchCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC\\BundleDetectCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX\\BundleUpgradeCode",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC\\BundleUpgradeCode"
            ],
            "directory_enumerated": [
                "C:\\ProgramData\\Package Cache\\{6f1bfc2f-3587-45bb-8507-64d06f75e0d6}\\Intel-Driver-and-Support-Assistant-Installer.exe",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.thm",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\mbapreq.wxl",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1033\\mbapreq.thm",
                "C:\\Windows\\Temp\\{F215A2E6-B5A2-433B-BBC1-D79DC5149F5F}\\.ba\\1033\\mbapreq.wxl"
            ]
        },
        "first_seen": 1574787194.984375,
        "ppid": 2676
    },
    {
        "process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin",
        "process_name": "314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin",
        "pid": 2676,
        "summary": {
            "file_created": [
                "C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin"
            ],
            "directory_created": [
                "C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr",
                "C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\"
            ],
            "dll_loaded": [
                "feclient.dll",
                "C:\\Windows\\system32\\wininet.dll",
                "Cabinet.dll",
                "C:\\Windows\\system32\\feclient.dll",
                "kernel32.dll",
                "C:\\Windows\\system32\\clbcatq.dll",
                "kernel32",
                "VERSION.dll",
                "C:\\Windows\\system32\\AdvApi32.dll",
                "api-ms-win-core-fibers-l1-1-1",
                "api-ms-win-core-localization-l1-2-1",
                "C:\\Windows\\system32\\comres.dll",
                "C:\\Windows\\system32\\cabinet.dll",
                "C:\\Windows\\system32\\crypt32.dll",
                "C:\\Windows\\system32\\msasn1.dll",
                "C:\\Windows\\system32\\msi.dll",
                "C:\\Windows\\system32\\version.dll",
                "C:\\Windows\\system32\\Msi.dll",
                "CLBCatQ.DLL",
                "api-ms-win-core-synch-l1-2-0"
            ],
            "file_opened": [
                "C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin",
                "C:\\Users\\cuck\\AppData\\Local\\Temp\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin",
                "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
            ],
            "regkey_opened": [
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InprocServer32",
                "HKEY_CURRENT_USER\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\Progid",
                "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\TreatAs",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\WiX\\Burn",
                "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InprocHandler32",
                "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
                "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\FileSystem",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InprocHandler",
                "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Msxml2.DOMDocument\\CLSID",
                "HKEY_CURRENT_USER\\Msxml2.DOMDocument"
            ],
            "command_line": [
                "\"C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin\" -burn.clean.room=\"C:\\Users\\cuck\\AppData\\Local\\Temp\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin\" -burn.filehandle.attached=192 -burn.filehandle.self=200 "
            ],
            "file_written": [
                "C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin"
            ],
            "file_exists": [
                "C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\"
            ],
            "guid": [
                "{f6d90f11-9c73-11d3-b32e-00c04f990bb4}",
                "{2933bf81-7b36-11d2-b20e-00c04f983e60}"
            ],
            "file_read": [
                "C:\\Users\\cuck\\AppData\\Local\\Temp\\314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1.bin"
            ],
            "regkey_read": [
                "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
                "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InProcServer32\\ThreadingModel",
                "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem\\Win31FileSystem",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InProcServer32\\(Default)",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InProcServer32\\InprocServer32",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\ProgID\\(Default)",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
                "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\(Default)",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Windows Error Reporting\\WMR\\Disable",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Msxml2.DOMDocument\\CLSID\\(Default)",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled",
                "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only"
            ]
        },
        "first_seen": 1574787194.640625,
        "ppid": 2724
    },
    {
        "process_path": "C:\\Windows\\System32\\lsass.exe",
        "process_name": "lsass.exe",
        "pid": 476,
        "summary": {},
        "first_seen": 1574787194.390625,
        "ppid": 376
    }
]

Signatures

[
    {
        "markcount": 1,
        "families": [],
        "description": "Checks if process is being debugged by a debugger",
        "severity": 1,
        "marks": [
            {
                "call": {
                    "category": "system",
                    "status": 0,
                    "stacktrace": [],
                    "last_error": 0,
                    "nt_status": -1073741811,
                    "api": "IsDebuggerPresent",
                    "return_value": 0,
                    "arguments": {},
                    "time": 1574787195.202375,
                    "tid": 2820,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 986
            }
        ],
        "references": [],
        "name": "checks_debugger"
    },
    {
        "markcount": 1,
        "families": [],
        "description": "This executable has a PDB path",
        "severity": 1,
        "marks": [
            {
                "category": "pdb_path",
                "ioc": "C:\\agent\\_work\\8\\s\\build\\ship\\x86\\burn.pdb",
                "type": "ioc",
                "description": null
            }
        ],
        "references": [],
        "name": "has_pdb"
    },
    {
        "markcount": 1,
        "families": [],
        "description": "The executable contains unknown PE section names indicative of a packer (could be a false positive)",
        "severity": 1,
        "marks": [
            {
                "category": "section",
                "ioc": ".wixburn",
                "type": "ioc",
                "description": null
            }
        ],
        "references": [],
        "name": "pe_features"
    },
    {
        "markcount": 17,
        "families": [],
        "description": "Queries for potentially installed applications",
        "severity": 2,
        "marks": [
            {
                "call": {
                    "category": "registry",
                    "status": 0,
                    "stacktrace": [],
                    "last_error": 0,
                    "nt_status": -1073741772,
                    "api": "RegOpenKeyExW",
                    "return_value": 2,
                    "arguments": {
                        "access": "0x00000001",
                        "base_handle": "0x80000002",
                        "key_handle": "0x00000000",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6f1bfc2f-3587-45bb-8507-64d06f75e0d6}",
                        "regkey_r": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6f1bfc2f-3587-45bb-8507-64d06f75e0d6}",
                        "options": 0
                    },
                    "time": 1574787195.218375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1104
            },
            {
                "call": {
                    "category": "registry",
                    "status": 0,
                    "stacktrace": [],
                    "last_error": 0,
                    "nt_status": -1073741772,
                    "api": "RegOpenKeyExW",
                    "return_value": 2,
                    "arguments": {
                        "access": "0x00000001",
                        "base_handle": "0x80000002",
                        "key_handle": "0x00000000",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6f1bfc2f-3587-45bb-8507-64d06f75e0d6}.RebootRequired",
                        "regkey_r": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6f1bfc2f-3587-45bb-8507-64d06f75e0d6}.RebootRequired",
                        "options": 0
                    },
                    "time": 1574787195.218375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1105
            },
            {
                "call": {
                    "category": "registry",
                    "status": 0,
                    "stacktrace": [],
                    "last_error": 0,
                    "nt_status": -1073741772,
                    "api": "RegOpenKeyExW",
                    "return_value": 2,
                    "arguments": {
                        "access": "0x00000001",
                        "base_handle": "0x80000002",
                        "key_handle": "0x00000000",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6f1bfc2f-3587-45bb-8507-64d06f75e0d6}",
                        "regkey_r": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6f1bfc2f-3587-45bb-8507-64d06f75e0d6}",
                        "options": 0
                    },
                    "time": 1574787195.218375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1106
            },
            {
                "call": {
                    "category": "registry",
                    "status": 1,
                    "stacktrace": [],
                    "api": "RegOpenKeyExW",
                    "return_value": 0,
                    "arguments": {
                        "access": "0x00020019",
                        "base_handle": "0x80000002",
                        "key_handle": "0x0000019c",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
                        "regkey_r": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
                        "options": 0
                    },
                    "time": 1574787195.280375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1536
            },
            {
                "call": {
                    "category": "registry",
                    "status": 1,
                    "stacktrace": [],
                    "api": "RegOpenKeyExW",
                    "return_value": 0,
                    "arguments": {
                        "access": "0x00020019",
                        "base_handle": "0x0000019c",
                        "key_handle": "0x000001a0",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook",
                        "regkey_r": "AddressBook",
                        "options": 0
                    },
                    "time": 1574787195.280375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1540
            },
            {
                "call": {
                    "category": "registry",
                    "status": 1,
                    "stacktrace": [],
                    "api": "RegOpenKeyExW",
                    "return_value": 0,
                    "arguments": {
                        "access": "0x00020019",
                        "base_handle": "0x0000019c",
                        "key_handle": "0x000001a0",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager",
                        "regkey_r": "Connection Manager",
                        "options": 0
                    },
                    "time": 1574787195.280375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1547
            },
            {
                "call": {
                    "category": "registry",
                    "status": 1,
                    "stacktrace": [],
                    "api": "RegOpenKeyExW",
                    "return_value": 0,
                    "arguments": {
                        "access": "0x00020019",
                        "base_handle": "0x0000019c",
                        "key_handle": "0x000001a0",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx",
                        "regkey_r": "DirectDrawEx",
                        "options": 0
                    },
                    "time": 1574787195.280375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1554
            },
            {
                "call": {
                    "category": "registry",
                    "status": 1,
                    "stacktrace": [],
                    "api": "RegOpenKeyExW",
                    "return_value": 0,
                    "arguments": {
                        "access": "0x00020019",
                        "base_handle": "0x0000019c",
                        "key_handle": "0x000001a0",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore",
                        "regkey_r": "Fontcore",
                        "options": 0
                    },
                    "time": 1574787195.280375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1561
            },
            {
                "call": {
                    "category": "registry",
                    "status": 1,
                    "stacktrace": [],
                    "api": "RegOpenKeyExW",
                    "return_value": 0,
                    "arguments": {
                        "access": "0x00020019",
                        "base_handle": "0x0000019c",
                        "key_handle": "0x000001a0",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40",
                        "regkey_r": "IE40",
                        "options": 0
                    },
                    "time": 1574787195.280375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1568
            },
            {
                "call": {
                    "category": "registry",
                    "status": 1,
                    "stacktrace": [],
                    "api": "RegOpenKeyExW",
                    "return_value": 0,
                    "arguments": {
                        "access": "0x00020019",
                        "base_handle": "0x0000019c",
                        "key_handle": "0x000001a0",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data",
                        "regkey_r": "IE4Data",
                        "options": 0
                    },
                    "time": 1574787195.280375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1575
            },
            {
                "call": {
                    "category": "registry",
                    "status": 1,
                    "stacktrace": [],
                    "api": "RegOpenKeyExW",
                    "return_value": 0,
                    "arguments": {
                        "access": "0x00020019",
                        "base_handle": "0x0000019c",
                        "key_handle": "0x000001a0",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX",
                        "regkey_r": "IE5BAKEX",
                        "options": 0
                    },
                    "time": 1574787195.280375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1582
            },
            {
                "call": {
                    "category": "registry",
                    "status": 1,
                    "stacktrace": [],
                    "api": "RegOpenKeyExW",
                    "return_value": 0,
                    "arguments": {
                        "access": "0x00020019",
                        "base_handle": "0x0000019c",
                        "key_handle": "0x000001a0",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData",
                        "regkey_r": "IEData",
                        "options": 0
                    },
                    "time": 1574787195.280375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1589
            },
            {
                "call": {
                    "category": "registry",
                    "status": 1,
                    "stacktrace": [],
                    "api": "RegOpenKeyExW",
                    "return_value": 0,
                    "arguments": {
                        "access": "0x00020019",
                        "base_handle": "0x0000019c",
                        "key_handle": "0x000001a0",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack",
                        "regkey_r": "MobileOptionPack",
                        "options": 0
                    },
                    "time": 1574787195.280375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1596
            },
            {
                "call": {
                    "category": "registry",
                    "status": 1,
                    "stacktrace": [],
                    "api": "RegOpenKeyExW",
                    "return_value": 0,
                    "arguments": {
                        "access": "0x00020019",
                        "base_handle": "0x0000019c",
                        "key_handle": "0x000001a0",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 60.0.2 (x86 sv-SE)",
                        "regkey_r": "Mozilla Firefox 60.0.2 (x86 sv-SE)",
                        "options": 0
                    },
                    "time": 1574787195.280375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1603
            },
            {
                "call": {
                    "category": "registry",
                    "status": 1,
                    "stacktrace": [],
                    "api": "RegOpenKeyExW",
                    "return_value": 0,
                    "arguments": {
                        "access": "0x00020019",
                        "base_handle": "0x0000019c",
                        "key_handle": "0x000001a0",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent",
                        "regkey_r": "SchedulingAgent",
                        "options": 0
                    },
                    "time": 1574787195.280375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1610
            },
            {
                "call": {
                    "category": "registry",
                    "status": 1,
                    "stacktrace": [],
                    "api": "RegOpenKeyExW",
                    "return_value": 0,
                    "arguments": {
                        "access": "0x00020019",
                        "base_handle": "0x0000019c",
                        "key_handle": "0x000001a0",
                        "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC",
                        "regkey_r": "WIC",
                        "options": 0
                    },
                    "time": 1574787195.280375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1617
            },
            {
                "call": {
                    "category": "registry",
                    "status": 0,
                    "stacktrace": [],
                    "last_error": 0,
                    "nt_status": -1073741772,
                    "api": "RegOpenKeyExW",
                    "return_value": 2,
                    "arguments": {
                        "access": "0x00020019",
                        "base_handle": "0x80000001",
                        "key_handle": "0x00000000",
                        "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
                        "regkey_r": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
                        "options": 0
                    },
                    "time": 1574787195.280375,
                    "tid": 2500,
                    "flags": {}
                },
                "pid": 2588,
                "type": "call",
                "cid": 1625
            }
        ],
        "references": [],
        "name": "queries_programs"
    }
]

Yara

The Yara rules did not detect anything in the file.

Network

{
    "tls": [],
    "udp": [
        {
            "src": "192.168.56.101",
            "dst": "192.168.56.255",
            "offset": 546,
            "time": 3.0789849758148193,
            "dport": 137,
            "sport": 137
        },
        {
            "src": "192.168.56.101",
            "dst": "192.168.56.255",
            "offset": 5226,
            "time": 9.062810897827148,
            "dport": 138,
            "sport": 138
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 7070,
            "time": 3.0395119190216064,
            "dport": 5355,
            "sport": 51001
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 7398,
            "time": 1.0149848461151123,
            "dport": 5355,
            "sport": 53595
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 7726,
            "time": 3.0575850009918213,
            "dport": 5355,
            "sport": 53848
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 8054,
            "time": 1.6049458980560303,
            "dport": 5355,
            "sport": 54255
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 8382,
            "time": -0.10307002067565918,
            "dport": 5355,
            "sport": 55314
        },
        {
            "src": "192.168.56.101",
            "dst": "239.255.255.250",
            "offset": 8710,
            "time": 1.0357608795166016,
            "dport": 1900,
            "sport": 1900
        },
        {
            "src": "192.168.56.101",
            "dst": "239.255.255.250",
            "offset": 28120,
            "time": 1.0360138416290283,
            "dport": 3702,
            "sport": 49152
        },
        {
            "src": "192.168.56.101",
            "dst": "239.255.255.250",
            "offset": 36504,
            "time": 3.142216920852661,
            "dport": 1900,
            "sport": 53598
        }
    ],
    "dns_servers": [],
    "http": [],
    "icmp": [],
    "smtp": [],
    "tcp": [],
    "smtp_ex": [],
    "mitm": [],
    "hosts": [],
    "pcap_sha256": "731687fe069b58c6d54037d28148d831e96e94376e205de5cc52876a8eb12a44",
    "dns": [],
    "http_ex": [],
    "domains": [],
    "dead_hosts": [],
    "sorted_pcap_sha256": "8fa7b54864f6f64be3d89cd05d865ded6f9ed2375ca19e97b0ff47cc843ce144",
    "irc": [],
    "https_ex": []
}


Hashes

Property    Value
MD5         98762fdebb7780d29683b4bc3c572a96
SHA256      314b6c16e3bd09c12251a51d71d3d3db97b78df294f652dfb394fefd31329cd1

Error Messages

These are some of the error messages that can appear related to intel-driver-and-support-assistant-installer.exe:

intel-driver-and-support-assistant-installer.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

intel-driver-and-support-assistant-installer.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.

Intel® Driver & Support Assistant has stopped working.

End Program - intel-driver-and-support-assistant-installer.exe. This program is not responding.

intel-driver-and-support-assistant-installer.exe is not a valid Win32 application.

intel-driver-and-support-assistant-installer.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.


And now some shameless self promotion ;)

Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and lets you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.

If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.
