
Windows Analysis Report
Setup_OpenUtilitiesMapx64_24.00.00.011.exe

Overview

General Information

Sample name: Setup_OpenUtilitiesMapx64_24.00.00.011.exe
Analysis ID: 1670571
MD5: 357a952831051d757359cadc23b43f43
SHA1: 5cc270135b1925ae6b51004f22820eb2f94d21a4
SHA256: a33de435ee5de842b967ae90f0bdbfbf6d6eb067fb1932828706ee4439f72479

Detection

Score: 21
Range: 0 - 100
Confidence: 20%

Signatures

Drops HTML or HTM files to system directories
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
  • System is w10x64
  • Setup_OpenUtilitiesMapx64_24.00.00.011.exe (PID: 7348 cmdline: "C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe" MD5: 357A952831051D757359CADC23B43F43)
    • Setup_OpenUtilitiesMapx64_24.00.00.011.exe (PID: 7368 cmdline: "C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe" -burn.clean.room="C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe" -burn.filehandle.attached=528 -burn.filehandle.self=548 MD5: 1B4C96DA3533ADE3A50D0D34DA728F28)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-04-21T21:57:49.346158+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49689 | 20.119.128.12 | 443 | TCP

Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe | Static PE information: certificate valid
Source: unknown | HTTPS traffic detected: 20.119.128.12:443 -> 192.168.2.6:49688 version: TLS 1.2
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: F:\agent\_work\3\b\Winx64\Build\PowerPlatform\mdlappobj\ObjectEnablerLookUpExtension.beext\Win32\Release\ObjectEnablerLookUpExtension.beext.pdb source: ObjectEnablerLookUpExtension.beext.dll.1.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: Newtonsoft.Json.dll.1.dr
Source: Binary string: F:\agent\_work\3\b\Winx64\build\PowerPlatform\PPInstallerExtension\PPInstallerExtension.beext.pdbb*|* n*_CorDllMainmscoree.dll source: PPInstallerExtension.beext.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\ship\x86\burn.pdb source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe, Setup_OpenUtilitiesMapx64_24.00.00.011.exe.0.dr
Source: Binary string: F:\agent\_work\1\b\Winx64\build\InstallFramework\RedefinePackageCache\Out\RedefineWixPackageCacheExe.pdb source: RedefineWixPackageCacheExe.exe.1.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: Newtonsoft.Json.dll.1.dr
Source: Binary string: F:\agent\_work\1\b\Winx64\build\InstallFramework\WixInstallBA\WixInstallBA.pdbt source: WixInstallBA.dll.1.dr
Source: Binary string: C:\Users\Jonathan\Desktop\Z\zzzproject\HtmlAgilityPack\HtmlAgilityPack\obj\Release\HtmlAgilityPack.pdb source: HtmlAgilityPack.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\obj\ship\x86\core\BootstrapperCore.pdb source: BootstrapperCore.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\ship\x86\winterop.pdb source: Winterop.dll.1.dr
Source: Binary string: pdbaMicrosoft.Tools.WindowsInstallerXml.Xsd.pdbs.xsdUhttp://schemas.microsoft.com/wix/2006/pdbs source: Wix.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\obj\ship\x86\wix\wix.pdb source: Wix.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\ship\x86\WixStdBA.pdb source: mbapreq.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\obj\ship\x86\wix\wix.pdb< source: Wix.dll.1.dr
Source: Binary string: F:\agent\_work\1\b\Winx64\build\InstallFramework\WixInstallBA\WixInstallBA.pdb source: WixInstallBA.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: Microsoft.Deployment.WindowsInstaller.dll.1.dr
Source: Binary string: F:\agent\_work\3\b\Winx64\build\PowerPlatform\PPInstallerExtension\PPInstallerExtension.beext.pdb source: PPInstallerExtension.beext.dll.1.dr
Source: Binary string: F:\agent\_work\1\b\Winx64\build\InstallFramework\SetupPagesLib\SetupPagesLib.pdb source: SetupPagesLib.dll.1.dr
Source: Binary string: Microsoft.Tools.WindowsInstallerXml.Xsd.pdbs.xsd source: Wix.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\ship\x86\burn.pdb4 source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe, Setup_OpenUtilitiesMapx64_24.00.00.011.exe.0.dr
Source: Binary string: F:\agent\_work\3\b\Winx64\Build\PowerPlatform\mdlappobj\ObjectEnablerLookUpExtension.beext\Win32\Release\ObjectEnablerLookUpExtension.beext.pdb8iRi Di_CorDllMainmscoree.dll source: ObjectEnablerLookUpExtension.beext.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: Microsoft.Deployment.WindowsInstaller.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\ship\x86\mbahost.pdb source: mbahost.dll.1.dr
Source: global traffic | HTTP traffic detected: GET /ODPayloadPathResolverExternal/0 HTTP/1.1; Host: aka.bentley.com; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /MicroStation_KB_Requirements/0 HTTP/1.1; Host: aka.bentley.com
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49689 -> 20.119.128.12:443
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: aka.bentley.com
Source: global traffic | DNS traffic detected: DNS query: communities.bentley.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown | Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49688 -> 443
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe | Process Stats: CPU usage > 49%
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe, 00000001.00000003.1499123354.0000000001214000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Setup_OpenUtilitiesMapx64_24.00.00.011.exe
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe, 00000001.00000002.3658934163.00000000011F8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Setup_OpenUtilitiesMapx64_24.00.00.011.exe
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe, 00000001.00000002.3667078682.0000000004531000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs Setup_OpenUtilitiesMapx64_24.00.00.011.exe
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe, 00000001.00000003.1680805704.0000000001215000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Setup_OpenUtilitiesMapx64_24.00.00.011.exe
Source: classification engine | Classification label: sus21.winEXE@3/50@2/1
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe | Mutant created: NULL
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe | Mutant created: \Sessions\1\BaseNamedObjects\{89e7e442-b479-45de-a652-f50920f301de}-InstallMutex
Source: C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe | File created: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Wix.dll.1.dr | Binary or memory string: SELECT `Component_` FROM `FeatureComponents` WHERE `Feature_` = ?iSELECT `FileSize` FROM `File` WHERE `Component_` = ?/SELECT * FROM `Feature`;SELECT `Cabinet` FROM `Media`
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe | String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe | File read: C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
Source: unknown | Process created: C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe "C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe"
Source: C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe | Process created: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe "C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe" -burn.clean.room="C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe" -burn.filehandle.attached=528 -burn.filehandle.self=548
Source: C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Section loaded: kernel.appcore.dll, cryptbase.dll, msi.dll, version.dll, cabinet.dll, msxml3.dll, windows.storage.dll, wldp.dll, profapi.dll, feclient.dll, iertutil.dll, apphelp.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Section loaded: kernel.appcore.dll, cryptbase.dll, msi.dll, version.dll, cabinet.dll, msxml3.dll, windows.storage.dll, wldp.dll, profapi.dll, feclient.dll, iertutil.dll, uxtheme.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, mscoree.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, dwrite.dll, msvcp140_clr0400.dll, urlmon.dll, srvcli.dll, netutils.dll, sspicli.dll, propsys.dll, dwmapi.dll, d3d9.dll, d3d10warp.dll, windowscodecs.dll, uiautomationcore.dll, wtsapi32.dll, winsta.dll, powrprof.dll, umpdc.dll, dataexchange.dll, d3d11.dll, dcomp.dll, dxgi.dll, twinapi.appcore.dll, resourcepolicyclient.dll, dxcore.dll, textshaping.dll, msctfui.dll, d3dcompiler_47.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, winmm.dll, fwpuclnt.dll, secur32.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, wuapi.dll, wups.dll, updatepolicy.dll, policymanager.dll, msvcp110_win.dll
Source: C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe Static PE information: certificate valid
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe Static file information: File size 2897096 > 1048576
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: F:\agent\_work\3\b\Winx64\Build\PowerPlatform\mdlappobj\ObjectEnablerLookUpExtension.beext\Win32\Release\ObjectEnablerLookUpExtension.beext.pdb source: ObjectEnablerLookUpExtension.beext.dll.1.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: Newtonsoft.Json.dll.1.dr
Source: Binary string: F:\agent\_work\3\b\Winx64\build\PowerPlatform\PPInstallerExtension\PPInstallerExtension.beext.pdbb*|* n*_CorDllMainmscoree.dll source: PPInstallerExtension.beext.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\ship\x86\burn.pdb source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe, Setup_OpenUtilitiesMapx64_24.00.00.011.exe.0.dr
Source: Binary string: F:\agent\_work\1\b\Winx64\build\InstallFramework\RedefinePackageCache\Out\RedefineWixPackageCacheExe.pdb source: RedefineWixPackageCacheExe.exe.1.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: Newtonsoft.Json.dll.1.dr
Source: Binary string: F:\agent\_work\1\b\Winx64\build\InstallFramework\WixInstallBA\WixInstallBA.pdbt source: WixInstallBA.dll.1.dr
Source: Binary string: C:\Users\Jonathan\Desktop\Z\zzzproject\HtmlAgilityPack\HtmlAgilityPack\obj\Release\HtmlAgilityPack.pdb source: HtmlAgilityPack.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\obj\ship\x86\core\BootstrapperCore.pdb source: BootstrapperCore.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\ship\x86\winterop.pdb source: Winterop.dll.1.dr
Source: Binary string: pdbaMicrosoft.Tools.WindowsInstallerXml.Xsd.pdbs.xsdUhttp://schemas.microsoft.com/wix/2006/pdbs source: Wix.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\obj\ship\x86\wix\wix.pdb source: Wix.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\ship\x86\WixStdBA.pdb source: mbapreq.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\obj\ship\x86\wix\wix.pdb< source: Wix.dll.1.dr
Source: Binary string: F:\agent\_work\1\b\Winx64\build\InstallFramework\WixInstallBA\WixInstallBA.pdb source: WixInstallBA.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: Microsoft.Deployment.WindowsInstaller.dll.1.dr
Source: Binary string: F:\agent\_work\3\b\Winx64\build\PowerPlatform\PPInstallerExtension\PPInstallerExtension.beext.pdb source: PPInstallerExtension.beext.dll.1.dr
Source: Binary string: F:\agent\_work\1\b\Winx64\build\InstallFramework\SetupPagesLib\SetupPagesLib.pdb source: SetupPagesLib.dll.1.dr
Source: Binary string: Microsoft.Tools.WindowsInstallerXml.Xsd.pdbs.xsd source: Wix.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\ship\x86\burn.pdb4 source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe, Setup_OpenUtilitiesMapx64_24.00.00.011.exe.0.dr
Source: Binary string: F:\agent\_work\3\b\Winx64\Build\PowerPlatform\mdlappobj\ObjectEnablerLookUpExtension.beext\Win32\Release\ObjectEnablerLookUpExtension.beext.pdb8iRi Di_CorDllMainmscoree.dll source: ObjectEnablerLookUpExtension.beext.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: Microsoft.Deployment.WindowsInstaller.dll.1.dr
Source: Binary string: C:\agent\_work\36\s\wix\build\ship\x86\mbahost.pdb source: mbahost.dll.1.dr
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: Newtonsoft.Json.dll.1.dr Static PE information: 0x8AD6F8DA [Sun Oct 25 00:03:38 2043 UTC]
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe Static PE information: section name: .wixburn
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe.0.dr Static PE information: section name: .wixburn

Persistence and Installation Behavior

Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Eula.htm
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Interop.Shell32.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\PPInstallerExtension.beext.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Winterop.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\HtmlAgilityPack.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\mbapreq.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\WixInstallBA.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Wix.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\ObjectEnablerLookUpExtension.beext.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\BootstrapperCore.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\RedefineWixPackageCacheExe.exe
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\SetupPagesLib.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe File created: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\mbahost.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Memory allocated: 3300000 memory reserve | memory write watch
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Memory allocated: 4530000 memory reserve | memory write watch
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Memory allocated: 3460000 memory reserve | memory write watch
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Memory allocated: FFD0000 memory reserve | memory write watch
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Memory allocated: 10FD0000 memory reserve | memory write watch
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 600000
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 599883
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 599730
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 599627
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 599493
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 599379
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 599256
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 599129
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 599001
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 598874
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 598766
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 598665
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 598555
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 598443
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 598315
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 598187
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 598083
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 597947
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 597842
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 597741
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 597628
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 597500
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 597396
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 597260
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 597151
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 597050
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 596924
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 596796
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 596685
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 596429
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 596321
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 596206
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 596078
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 595974
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 595838
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 595735
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 595614
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 595486
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 595360
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 595232
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 595130
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Thread delayed: delay time: 595009
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Window / User API: threadDelayed 4483
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Window / User API: threadDelayed 5274
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Dropped PE file which has not been started: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\PPInstallerExtension.beext.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Dropped PE file which has not been started: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Dropped PE file which has not been started: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Winterop.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Dropped PE file which has not been started: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\HtmlAgilityPack.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Dropped PE file which has not been started: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\mbapreq.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Dropped PE file which has not been started: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\WixInstallBA.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Dropped PE file which has not been started: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\ObjectEnablerLookUpExtension.beext.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Dropped PE file which has not been started: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Wix.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Dropped PE file which has not been started: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\RedefineWixPackageCacheExe.exe
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Dropped PE file which has not been started: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\BootstrapperCore.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Dropped PE file which has not been started: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\SetupPagesLib.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Dropped PE file which has not been started: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Newtonsoft.Json.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Dropped PE file which has not been started: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\mbahost.dll
Source: Setup_OpenUtilitiesMapx64_24.00.00.011.exe, 00000001.00000003.1358787095.000000000DB41000.00000004.00000020.00020000.00000000.sdmp, Setup_OpenUtilitiesMapx64_24.00.00.011.exe, 00000001.00000003.1824594376.000000000DB41000.00000004.00000020.00020000.00000000.sdmp, Setup_OpenUtilitiesMapx64_24.00.00.011.exe, 00000001.00000003.1475720342.000000000DB43000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Process information queried: ProcessInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Process token adjusted: Debug
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Process created: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe "C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe" -burn.clean.room="C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe" -burn.filehandle.attached=528 -burn.filehandle.self=548
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\BootstrapperCore.dll VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\WixInstallBA.dll VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\ObjectEnablerLookUpExtension.beext.dll VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\PPInstallerExtension.beext.dll VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\SetupPagesLib.dll VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\HtmlAgilityPack.dll VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll VolumeInformation
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
[Behavior graph: ID 1670571; Sample: Setup_OpenUtilitiesMapx64_2...; Startdate: 21/04/2025; Architecture: WINDOWS; Score: 21. Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language, Is malicious, Internet]

No Antivirus matches
Source | Detection | Scanner | Label | Link
C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\BootstrapperCore.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\HtmlAgilityPack.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Interop.Shell32.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\ObjectEnablerLookUpExtension.beext.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\PPInstallerExtension.beext.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\RedefineWixPackageCacheExe.exe | 0% | ReversingLabs | |
C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\SetupPagesLib.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Winterop.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Wix.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\WixInstallBA.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\mbahost.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\mbapreq.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://aka.bentle | 0% | Avira URL Cloud | safe |
https://softwaredownloads.bentley.com/P | 0% | Avira URL Cloud | safe |
http://aka.bentley.com | 0% | Avira URL Cloud | safe |
https://aka.bentley.com/ODPayloadPathResolverExternal/0 | 0% | Avira URL Cloud | safe |
http://wixtoolset.org/releases/SCreating | 0% | Avira URL Cloud | safe |
https://aka.bentley.com/ODPayloadPathResolverExter | 0% | Avira URL Cloud | safe |
https://aka.bentley.com | 0% | Avira URL Cloud | safe |
https://communities.bentleL | 0% | Avira URL Cloud | safe |
https://softwaredownloads.bentley.com/ | 0% | Avira URL Cloud | safe |
http://wixtoolset.org/documentation/error217/ | 0% | Avira URL Cloud | safe |
https://aka.bentley.com/MicroStation_KB_Requirements/0 | 0% | Avira URL Cloud | safe |


Name | IP | Active | Malicious | Antivirus Detection | Reputation
waws-prod-bn1-207-3057.eastus2.cloudapp.azure.com | 20.119.128.12 | true | false | | high
communities.bentley.com | 89.106.200.1 | true | false | | high
aka.bentley.com | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://aka.bentley.com/ODPayloadPathResolverExternal/0 | false | Avira URL Cloud: safe | unknown
https://aka.bentley.com/MicroStation_KB_Requirements/0 | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
20.119.128.12 | waws-prod-bn1-207-3057.eastus2.cloudapp.azure.com | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1670571
Start date and time: 2025-04-21 21:56:46 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 14s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Setup_OpenUtilitiesMapx64_24.00.00.011.exe
Detection: SUS
Classification: sus21.winEXE@3/50@2/1
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 184.29.183.29, 4.175.87.197
• Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                        TimeTypeDescription
                                                                                        15:57:47API Interceptor11683065x Sleep call for process: Setup_OpenUtilitiesMapx64_24.00.00.011.exe modified
                                                                                        Match: MICROSOFT-CORP-MSN-AS-BLOCKUS
                                                                                        Associated Sample Name / URL | Detection | Threat Name | Context
                                                                                        STATEMENT COMPLETED_DOCUMENT.rtf | malicious | Unknown | 150.171.22.12
                                                                                        STATEMENT COMPLETED_DOCUMENT.rtf | malicious | Unknown | 150.171.22.12
                                                                                        z3hir.arm | malicious | Mirai | 40.93.239.100
                                                                                        phish_alert_iocp_v1.4.48 (67).eml | malicious | Unknown | 20.42.65.88
                                                                                        https://m365.us.vadesecure.com/safeproxy/v4?f=A43Lnln7zwVvg7mFcyUmnsif8phZnkThXmVew9noteI0a_fhBPb2ilLbqOZcKKy_&i=x2BXNMSkLQ7uGcdts5mimeEbw_U9UkTCxExj2adkXh5FIGpdsJWsUncPNRFAvCCt32U_CEUGsnd3ARq-Q1b9Fw&k=P5b3&r=GVHt9Ae-g1hOoBQIi3x0jOLExXK0myn3cNkBkSJljFLHNh4jjywatuSeJZxrhZBd&s=e2f298e6a92fd3ec5eced07bbec072e4dfa42d34ae3fbe92ff89973e62d4ebe0&u=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__1.stealmarkso.com_%26d%3DDwMFAw%26c%3DeuGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r%3D5B1_R__KW843kwBcy22_MQ%26m%3DYhjzBcqAjiluYme5UCMNIo932j8LXCPb--Dzx-AsDTMVGTjjQjZndfDMHD1nx1fx%26s%3D8kCxpnydigUspCqwOT2yK7gvmFUOJWaWDQzOnFlm3dw%26e%3D | malicious | Unknown | 13.68.138.172
                                                                                        MDE_File_Sample_634958a59c453f5855a0b024811f4992d81e21c0.zip | malicious | PureLog Stealer, zgRAT | 204.79.197.203
                                                                                        email (1).eml | malicious | Unknown | 52.109.0.142
                                                                                        email (1).eml | malicious | Unknown | 52.123.128.14
                                                                                        http://url7554.impulseup.com/ls/click?upn=u001.9-2FTADgI74e2OWE2P3fvtm3ks0lxIlIFyP5IwbLoDgBuxxxaTOIUzJMW49-2B9jqW6yELBC1ZQRMe6TWLgjPYTu0LiDQ0w3txTcOK6-2FV2ifPZbRaLIwmmOQ1GMQC9dU6RWb2aeLLtDeODHngY3VjjXvJO6oKDlYY-2FrsIGLii2s3kEKAZFDtf-2BL31aMPuCVwlwPCr7PEQRptcwz1QBhdaSd2LGMdK1VJSRTe40dM32Z7Jz2jBBbK0UwZYo0lLPRxihoyt5eczvkRV2tuefWun26R7i639CvHIPVt6rH7EVtY4Yq4-2BX81bSKNRYMont-2BURzxOXvIrvc-2FmXDxBQFquNv8hCg-3D-3DPxtu_kuLj0dlFrLQsusO5Mbu6XvxpF4v8Jh1YKIsyjo7kzqXHRNE-2FOEVeSM0JICDQ5Tjy3bDgrl5OEVa68odvHNoZBJ6QfGYxcZ7BcXQ0WuvBPrC4VIuEfyEiZxZfLfZFvQ5wdhpAQB1fL-2FQ-2FmD3MevXlsgh-2FpnZWiDIriKQI8exmRbTtK9cjB1NJ40PcJ-2B0p5yN6nYDdiFYbxlYib2Opu1bSYg-3D-3D | malicious | HTMLPhisher | 13.107.246.71
                                                                                        FW Deal Sheet & Commitment-New Deal.eml | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 52.109.0.142
                                                                                        Match: 3b5074b1b5d032e5620f69f9f700ff0e
                                                                                        Associated Sample Name / URL | Detection | Threat Name | Context
                                                                                        malicious.bat | malicious | Unknown | 20.119.128.12
                                                                                        Payment reciept.pdf.exe | malicious | MSIL Logger, MassLogger RAT | 20.119.128.12
                                                                                        BEPZA MT103 Credit.pdf.exe | malicious | MSIL Logger, MassLogger RAT | 20.119.128.12
                                                                                        SecuriteInfo.com.Trojan.Mardom.PN.11.17656.13789.exe | malicious | MSIL Logger, MassLogger RAT | 20.119.128.12
                                                                                        tos.js.ps1 | malicious | Unknown | 20.119.128.12
                                                                                        3453 invoice&packing list.exe | malicious | AgentTesla | 20.119.128.12
                                                                                        SecuriteInfo.com.suspected.of.Trojan.MSIL.MAComb.Heur.7895.12523.exe | malicious | Unknown | 20.119.128.12
                                                                                        SecuriteInfo.com.suspected.of.Trojan.MSIL.MAComb.Heur.7895.12523.exe | malicious | Unknown | 20.119.128.12
                                                                                        SecuriteInfo.com.BackDoor.SiggenNET.71.1887.20790.exe | malicious | Unknown | 20.119.128.12
                                                                                        SecuriteInfo.com.Trojan.MulDrop30.46617.18825.26126.exe | malicious | KeyLogger, StormKitty, VenomRAT | 20.119.128.12
                                                                                        Match | Associated Sample Name / URL | Detection | Threat Name
                                                                                        C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\HtmlAgilityPack.dll | hKgrI6tqYx.exe | malicious | Python Stealer, Babadeda
                                                                                        C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Microsoft.Deployment.WindowsInstaller.dll | PhishAlertButtonSetup.exe | malicious | Unknown
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:ASCII text, with very long lines (511), with CRLF, LF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):26665
                                                                                            Entropy (8bit):5.472331873627919
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:xnpsyQ/7nE5xUs0T2dW61aao9edY+EMtwmzsY/p:xnO//o90T2dW6jdY+VpsY/p
                                                                                            MD5:CC1A57DE58DD76D691C6191ECD31EF46
                                                                                            SHA1:9F9FDBD268A85F3ACC17C5E2E89E1CFD366CA11F
                                                                                            SHA-256:78BD5385CD7287D0B2AC4D79810AFABFFA0425338AC3D70C90A4E77ABC190929
                                                                                            SHA-512:BE3D98FC44C43B6328DB43D4622686590041E7C199335B95795B928AC56904E9BD3AEB888834C63569AC9C943341362528B15EEF4D9D6FB6F2D078F0B1A97F75
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Preview:[1CC8:1CCC][2025-04-21T15:57:37]i001: Burn v3.14.1.8722, Windows v10.0 (Build 19045: Service Pack 0), path: C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe..[1CC8:1CCC][2025-04-21T15:57:37]i000: Initializing string variable 'BeExeName' to value 'OpenUtilitiesMap'..[1CC8:1CCC][2025-04-21T15:57:37]i000: Initializing string variable 'LANGUAGE_3ccWin' to value 'ENU'..[1CC8:1CCC][2025-04-21T15:57:37]i000: Initializing string variable 'BeApplicationToLaunchAfterInstallation' to value '[InstallDirectory]OpenUtilitiesMap\ActivationWizard.exe'..[1CC8:1CCC][2025-04-21T15:57:37]i000: Initializing string variable 'BeApplicationToLaunchAfterInstallationArgs' to value '-productid:1000 -version:1000=[WixBundleVersion] -language:[LANGUAGE_3ccWin]'..[1CC8:1CCC][2025-04-21T15:57:37]i000: Initializing string variable 'AddedPackagePageName' to value 'AddedPackagePage'..[1CC8:1CCC][2025-04-21T15:57:37]i000: Initializing string variable 'PowerProductPack
                                                                                            Process:C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):2735248
                                                                                            Entropy (8bit):7.924729718133504
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:yLZ5zot7Gnxu7LElC5tRnLuiFz9tVoLeuDPb7RI3evHESsUlWiATxwt+:yLZ1oF7L8CRnaiF5oLvjbtzvHEntiATP
                                                                                            MD5:1B4C96DA3533ADE3A50D0D34DA728F28
                                                                                            SHA1:CB623A2290A822C744714F29ABFA771C04E4183A
                                                                                            SHA-256:C1DB12B95B40E4D2C3EDDB624C8EA3AB0C88DB86760F6256E0860248C332FFD8
                                                                                            SHA-512:55C3BCB58761F8E8BBD3659C7068AF76483A390038CFE32F871DF43AD270AE65EE881F5CE6C3ACBF7BD4443D465A96D343C45197AB611405BF46BA7C168F8B51
                                                                                            Malicious:true
                                                                                            Reputation:low
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........]aN.<...<...<...L...<...L..j<...T...<...T...<...T...<...L...<...L...<...L...<...<...=..PU...<..PU...<...<...<..PU...<..Rich.<..........................PE..L......e..........................................@...................................*...@.............................................:..........X.).8)...P...>.....T...................4........F..@...................T........................text...>........................... ..`.rdata..&...........................@..@.data...<...........................@....wixburn8...........................@..@.rsrc....:.......<..................@..@.reloc...>...P...@..................@..B........................................................................................................................................................................................................................................
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2025
                                                                                            Entropy (8bit):6.231406644010833
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cxX7DTAT8tMBCus9T3FVWmHdniarRFeOrw8Nhv2VyfN3mKNWFP44SBWWW1GyfiPq:8L4T2RJhfHP8+VYuTmQUc2mE
                                                                                            MD5:1D4B831F77EFEC96FFBC70BC4B59B8B5
                                                                                            SHA1:1B3ED82655AEC8A52DAEC60F8674BC7E07F8CFEB
                                                                                            SHA-256:1B93556F07C35AC0564D57E0743CCBA231950962C6506C8D4A74A31CD66FD04C
                                                                                            SHA-512:C6CCB188281F161DEBF02DCDDE24B77D8D14943DEED8852E77E5AFB18F3F62683AB1AE06DCEB1E09D53804A76DF6400A360712D8E7E228B7F971054BB4FB2496
                                                                                            Malicious:false
                                                                                            Reputation:moderate, very likely benign file
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="zh-tw" Language="1028" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName] ...... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/passive | /quiet - ...... UI ............ UI ... ........... UI ........../norestart - ................UI ............./log log.txt - ............ %TEMP% ......</String>.. <Stri
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2458
                                                                                            Entropy (8bit):5.36165936198009
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cxX7DTZT8u9cktosM6re4mSTcIIyfI7sh/DMNwIHWAoN3mepNRfKPnWZ0hqAQZfC:8LxTK23f33AwIViRrRynRuZfiMS
                                                                                            MD5:CC8C6D04DC707B38E0F0C08BA16FE49B
                                                                                            SHA1:95EA7F570677AEA52393D02FDB21CEBB218A7343
                                                                                            SHA-256:DC445E2457ED31ABF536871F90FF7CC96800A40B6BC033F37D45E3156A3B4FA9
                                                                                            SHA-512:A4B19EBC8BB0D88ABA7D3D5783E28F8B6E0960582A540059BC71076B1203BF43BCA15EA726272D15395C7B4E431046ADA1CBB9D55072BBC5DBE7729C4599F0E0
                                                                                            Malicious:false
                                                                                            Reputation:moderate, very likely benign file
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="cs-cz" Language="1029" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalace produktu [WixBundleName]</String>.. <String Id="Title">Pro instalaci produktu [WixBundleName] je vy.adov.no rozhran. Microsoft .NET Framework.</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da k instalaci</String>.. <String Id="HelpText">/passive | /quiet - Zobraz. minim.ln. u.ivatelsk. rozhran. bez jak.chkoli.. v.zev, nebo nezobraz. ..dn. u.ivatelsk. rozhran. ani ..dn. v.zvy. Ve v.choz.m.. nastaven. se jak u.ivatelsk. rozhran., tak i v.echny v.zvy zobrazuj....../norestart - Potla.. jak.koli p
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2286
                                                                                            Entropy (8bit):5.061915970731254
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cxX7DCrT81tbzjamsjFq7LhzqGgdRDJNbqoN3mpN+ELPnfyOwYxPyzraXnAF:8LaTOkaEOiGd/BwF
                                                                                            MD5:7C6E4CE87870B3B5E71D3EF4555500F8
                                                                                            SHA1:E831E8978A48BEAFA04AAD52A564B7EADED4311D
                                                                                            SHA-256:CAC263E0E90A4087446A290055257B1C39F17E11F065598CB2286DF4332C7696
                                                                                            SHA-512:2A02415A3E5F073F4530FD87C97B685D95B8C0E1B15EFD185CC5CB046FCF1D0DCE28DB9889AD52588B96FE01841A7A61F6B7D6D2F669EAB10A8926C46B8E93D1
                                                                                            Malicious:false
                                                                                            Reputation:moderate, very likely benign file
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="da-dk" Language="1030" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installation af [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework skal v.re installeret i forbindelse med Installationen af [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Er du sikker p., at du vil annullere?</String>.. <String Id="HelpHeader">Hj.lp til installation</String>.. <String Id="HelpText">/passive | /quiet - viser en minimal brugergr.nseflade uden prompter eller.. viser ingen brugergr.nseflade og ingen prompter... Brugergr.nsefladen og alle prompter vises som standard...../norestart - skjuler fors.g p. genstart. Der vises som standard en.. foresp.rgse
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2442
                                                                                            Entropy (8bit):5.094465051245675
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cxX7DASTcCwit/soJy9hkVByUZN+29N3mfN65PS9CvZwZi7uuASD:8LxT8itGeVB97+gyC9BdaSD
                                                                                            MD5:C8E7E0B4E63B3076047B7F49C76D56E1
                                                                                            SHA1:4E44E656A0D552B2FFD65911CB45245364E5DBF3
                                                                                            SHA-256:631D46CB048FB6CF0B9A1362F8E5A1854C46E9525A0260C7841A04B2316C8295
                                                                                            SHA-512:FD7E8896F9414F0DB7A88F926F55EE24E0591DA676F330200BC6BB829EB32648D90D3094E0011BFE36C7BA8BE41DFD74B12D444AFEA0D2866801258DA4FA16E8
                                                                                            Malicious:false
                                                                                            Reputation:moderate, very likely benign file
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="de-de" Language="1031" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <UI Control="InstallButton" Width="180" />.. .. <String Id="Caption">[WixBundleName]-Setup</String>.. <String Id="Title">F.r das [WixBundleName]-Setup ist Microsoft .NET Framework erforderlich.</String>.. <String Id="ConfirmCancelMessage">Sind Sie sicher, dass Sie den Vorgang abbrechen m.chten?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/passive | /quiet - zeigt eine minimale Benutzeroberfl.che ohne.. Eingabeaufforderungen oder keine Benutzeroberfl.che und keine.. Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und.. alle Eingabeaufforderungen angezeigt...../no
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):3400
                                                                                            Entropy (8bit):5.279888750092028
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cxX7D8jVT8dUk9Ug/usOo2pNSBIbESvR2drdESPzghC76DeN2hL0eLoN3mOLSNIx:8L45TCyop5riGzH7xgJit8IqSsBwqk
                                                                                            MD5:074D5921AF07E6126049CB45814246ED
                                                                                            SHA1:91D4BDDA8D2B703879CFE2C28550E0A46074FA57
                                                                                            SHA-256:B8E90E20EDF110AAAAEA54FBC8533872831777BE5589E380CFDD17E1F93147B5
                                                                                            SHA-512:28DAC36516BCC76BCC598C6E7ABDE359695F85AB7A830D6ADBC844EB240D9FA372CB5A5CE4DBE21E250408C6B246D371D3CDD656D2178FB0EC22DAC7D39CBD9F
                                                                                            Malicious:false
                                                                                            Reputation:moderate, very likely benign file
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="el-gr" Language="1032" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">........... ... [WixBundleName]</String>.. <String Id="Title">... ... ........... ... [WixBundleName] .......... .. Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">..... ....... ... ...... .. ..... .......;</String>.. <String Id="HelpHeader">....... ... ... ...........</String>.. <String Id="HelpText">/passive | /quiet - ......... ........ ........... ... ............. .......... ...... ..... ........ . ... ..
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2235
                                                                                            Entropy (8bit):5.142592159444541
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cxX7DE+T8Z+bm5snwETMAoQEATN27uNBDReq4N3mJeNHNP64NsFKJJem4vyAs:8LZTDkZ7+2IBCht6J8neHs
                                                                                            MD5:E338408F1101499EB22507A3451F7B06
                                                                                            SHA1:83B42F9D7307265A108FC339D0460D36B66A8B94
                                                                                            SHA-256:B7D9528F29761C82C3D926EFE5E0D5036A0E0D83EB4CCA7282846C86A9D6F9F3
                                                                                            SHA-512:F7BE923DC2856E0941D0669E2DE5A5C307C98DC7EBA0A1B68728EB29C95B4625145C2AD3AC6F6B6D82F062887EA349E2187F1F91785DDE5A5083BC1150E56326
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="fi-fi" Language="1035" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] -asennus</String>.. <String Id="Title">Microsoft .NET Framework tarvitaan [WixBundleName] -asennusta varten</String>.. <String Id="ConfirmCancelMessage">Haluatko varmasti peruuttaa?</String>.. <String Id="HelpHeader">Asennusohjelman ohje</String>.. <String Id="HelpText">/passive | /quiet - n.ytt.. mahdollisimman v.h.n k.ytt.liittym.st.; ei.. kehotteita tai ei k.ytt.liittym.. ja kehotteita. Oletusarvoisesti.. k.ytt.liittym. ja kaikki kehotteet n.ytet..n...../norestart - est.. uudelleenk.ynnistysyritykset. Oletusarvoisesti.. k.ytt.liittym. kysyy ennen uudelleenk.yn
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2306
                                                                                            Entropy (8bit):5.076293283609686
                                                                                            Encrypted:false
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="fr-fr" Language="1036" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework requis pour l'installation de [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.tes-vous s.r de vouloir annuler.?</String>.. <String Id="HelpHeader">Aide de l'installation</String>.. <String Id="HelpText">/passive | /quiet - affiche une interface minimale sans invites ou n'affiche.. aucune interface ni aucune invite. Par d.faut, l'interface et toutes les.. invites sont affich.es...../norestart - annule toute tentative de red.marrage. Par d.faut, l'interface.. affiche une invite avant de red.marrer..
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2392
                                                                                            Entropy (8bit):5.293225307744296
                                                                                            Encrypted:false
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="hu-hu" Language="1038" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] telep.t.</String>.. <String Id="Title">A(z) [WixBundleName] telep.t.s.hez Microsoft .NET-keretrendszer sz.ks.ges</String>.. <String Id="ConfirmCancelMessage">Biztosan megszak.tja?</String>.. <String Id="HelpHeader">A telep.t. s.g.ja</String>.. <String Id="HelpText">/passive | /quiet - Minim.lis felhaszn.l.i fel.let megjelen.t.se k.rd.sek.. n.lk.l, illetve felhaszn.l.i fel.let .s k.rd.sek megjelen.t.se n.lk.li.. telep.t.s. Alapesetben a felhaszn.l.i fel.let .s minden k.rd.s megjelenik...../norestart - Az .jraind.t.si k.r.sek elrejt.se. Alapeset
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2304
                                                                                            Entropy (8bit):4.985260685429469
                                                                                            Encrypted:false
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="it-it" Language="1040" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework necessario per l'installazione di [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida dell'installazione</String>.. <String Id="HelpText">/passive | /quiet - visualizza l'interfaccia utente minima senza istruzioni.. oppure non visualizza n. l'interfaccia utente n. le istruzioni. Per.. impostazione predefinita vengono visualizzate interfaccia utente e.. istruzioni...../norestart - elimina eventuali tentativi di riavvio. Per impostazione.. predefinita l'int
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2545
                                                                                            Entropy (8bit):5.923292576429967
                                                                                            Encrypted:false
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="ja-jp" Language="1041" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ......</String>.. <String Id="Title">[WixBundleName] ........ Microsoft .NET Framework .....</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/passive | /quiet - ... UI ....................UI.. .............. .....UI ....................../norestart - ........................
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2236
                                                                                            Entropy (8bit):5.97627825234954
                                                                                            Encrypted:false
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="ko-kr" Language="1042" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ..</String>.. <String Id="Title">[WixBundleName] ... ... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/passive | /quiet - ... .. .. UI. ..... UI. .... .... .... ..... ..... UI . .. .... ........../norestart - .. ..... ... ...... ..... UI. .. .... .. .... ......../log log.txt - .
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2312
                                                                                            Entropy (8bit):4.965432037520827
                                                                                            Encrypted:false
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="nl-nl" Language="1043" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Installatie</String>.. <String Id="Title">Microsoft .NET Framework is vereist voor installatie [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Weet u zeker dat u de installatie wilt annuleren?</String>.. <String Id="HelpHeader">Help bij Setup</String>.. <String Id="HelpText">/passive | /quiet - geeft een minimale gebruikersinterface weer zonder prompts.. of geeft geen gebruikersinterface en geen prompts weer. Gebruikersinterface.. en alle prompts worden standaard weergegeven...../norestart - pogingen tot opnieuw opstarten onderdrukken... Gebruikersinterface vraagt standaard al
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2171
                                                                                            Entropy (8bit):5.089922193759582
                                                                                            Encrypted:false
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="nb-no" Language="1044" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Installasjonsprogram</String>.. <String Id="Title">Microsoft .NET Framework kreves for [WixBundleName]-installasjon</String>.. <String Id="ConfirmCancelMessage">Er du sikker p. at du vil avbryte?</String>.. <String Id="HelpHeader">Installasjonshjelp</String>.. <String Id="HelpText">/passive | /quiet - viser minimalt brukergrensesnitt uten ledetekster, eller.. ikke noe brukergrensesnitt og ingen ledetekster. Som standard vises.. brukergrensesnitt og alle ledetekster...../norestart - undertrykker alle fors.k p. omstart. Som standard sp.r.. brukergrensesnittet f.r omstart.../log log.txt
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2368
                                                                                            Entropy (8bit):5.270514043715206
                                                                                            Encrypted:false
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="pl-pl" Language="1045" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalator programu [WixBundleName]</String>.. <String Id="Title">Do zainstalowania programu [WixBundleName] jest wymagany program Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Pomoc instalatora</String>.. <String Id="HelpText">/passive | /quiet - wy.wietla minimalny interfejs u.ytkownika bez monit.w.. lub nie wy.wietla interfejsu u.ytkownika ani monit.w. Domy.lnie jest.. wy.wietlany interfejs u.ytkownika i wszystkie monity...../norestart - pomija wszelkie pr.by ponownego uruchomienia. Domy.lnie.. interf
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2147
                                                                                            Entropy (8bit):5.130635342194656
                                                                                            Encrypted:false
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="pt-br" Language="1046" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">Microsoft .NET Framework . necess.rio para instala..o do [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/passive | /quiet - exibe UI m.nima sem avisos ou exibe sem UI e.. sem avisos. Por padr.o a UI e todos avisos s.o exibidos...../norestart - suprime qualquer tentativa de reinicializa..o. Por padr.o a UI.. ir. solicitar antes de reiniciar.../log log.txt - logs para um arquivo espec.fico. Por padr.
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2880
                                                                                            Entropy (8bit):5.408094213063887
                                                                                            Encrypted:false
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="ru-ru" Language="1049" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">......... [WixBundleName]</String>.. <String Id="Title">... ......... [WixBundleName] ......... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.. ............. ...... ........ ........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/passive | /quiet - ........... ............ .. ... ........ ... ...... ... .. .. . ............ .. ......... ............ .. . ... ......
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2701
                                                                                            Entropy (8bit):5.416644976437225
                                                                                            Encrypted:false
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="sk-sk" Language="1051" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] . in.tal.cia</String>.. <String Id="Title">Na in.tal.ciu aplik.cie [WixBundleName] sa vy.aduje s..as. Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">Naozaj chcete zru.i. oper.ciu?</String>.. <String Id="HelpHeader">Pomocn.k pre in.tal.ciu</String>.. <String Id="HelpText">/passive | /quiet . zobraz. minim.lne pou..vate.sk. rozhranie bez v.ziev alebo.. nezobraz. .iadne pou..vate.sk. rozhranie ani v.zvy. Predvolene sa.. zobrazuje pou..vate.sk. rozhranie aj v.etky v.zvy...../norestart . zru.. v.etky pokusy o re.tart. Pou..vate
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2132
                                                                                            Entropy (8bit):5.1255014007111495
                                                                                            Encrypted:false
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="sv-se" Language="1053" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName]-installation</String>.. <String Id="Title">Microsoft .NET Framework kr.vs f.r installation av [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Vill du avbryta?</String>.. <String Id="HelpHeader">Installationshj.lp</String>.. <String Id="HelpText">/passive | /quiet - visar ett minimalt anv.ndargr.nssnitt utan prompter,.. alternativt inget anv.ndargr.nssnitt och inga prompter. Som standard visas.. anv.ndargr.nssnitt och samtliga prompter...../norestart - hejdar omstart. Som standard visar anv.ndargr.nssnittet en.. prompt f.re omstart.../log log.txt - skapar logg till
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2303
                                                                                            Entropy (8bit):5.2754753523795275
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cxX7DNcYT8anOSMsHEqGpcBztpvrJlrs2ZmNI2+Yo6irN3m22NFcPc+4Trzrdgc7:8LZHTE7APaTI9sq6yEbgg
                                                                                            MD5:01B200E06BA600A4EF00C00F7AAC5CE4
                                                                                            SHA1:22234426C42637E069A46217019551E4434A4AB6
                                                                                            SHA-256:06BFB6DFBC38105C699DEA226A029DF3EF673C33E4B8928DC4EC7FB8F761487D
                                                                                            SHA-512:8BDCF7533A6BCFA231B42A7EF845A70C7535FBF607D62FF6404928D5941BA6AFBF139450A1A1B58C65FACF88DC0785AEC4ABEFBCC803466A58B1930F7C468CDD
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="tr-tr" Language="1055" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName] kurulumu i.in Microsoft .NET Framework gerekir</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/passive | /quiet - komut istemi olmayan olabildi.ince k...k bir UI.. g.r.nt.ler veya komut istemi ve UI g.r.nt.lemez. Varsay.lan olarak UI.. ve t.m komut istemleri g.r.nt.lenir...../norestart - yeniden ba.latma denemelerini engeller. Varsay.lan.. olarak UI yeniden ba.latmadan .nce komut isteyecekt
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2200
                                                                                            Entropy (8bit):5.1485120966265
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cxX7DZ0T8obZsw9g5gS56K97D7NCt2VoN3mQXNJPOhP58vqc1qwueo3RAL:8LyTLlS9h9hCtsihdxOh+NL
                                                                                            MD5:5836F0C655BDD97093F68AAF69AB2BAB
                                                                                            SHA1:B6842E816F9E0DCC559A5692E4D26101D10B4B16
                                                                                            SHA-256:C015247D022BDC108B4FFCAE89CB55D1E313034D7E6EED18744C1BB55F108F8C
                                                                                            SHA-512:640A79D6A756E591AD02DDCCC53BC43F855C5148B8CBB5CE6C1CAF5419CA02F7B2AFF89CCA4C056356814D3899EF79BF038B4E8B4B79EB85138A3CEDCCE93E5B
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="sl-si" Language="1060" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Namestitev</String>.. <String Id="Title">Microsoft .NET Framework, potreben za namestitev paketa [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Ali ste prepri.ani, da .elite preklicati?</String>.. <String Id="HelpHeader">Pomo. za namestitev</String>.. <String Id="HelpText">/passive | /quiet - prika.e minimalni uporabni.ki vmesnik brez pozivov ali ne prika.e.. uporabni.kega vmesnika in pozivov. Privzeto so prikazani uporabni.ki vmesnik in.. vsi pozivi...../norestart - skrije vse mo.nosti za vnovicni zagon. Privzeto uporabni.ki vmesnik.. prika.e poziv pred ponovnim zag
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1980
                                                                                            Entropy (8bit):6.189594519053644
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cxX7DjQT8tOBousi+zq+frUR2ropNV2rfN3msNUqPPT9T+DwZ9f5wDTAV:8L4TGUGw3V8N3RykV
                                                                                            MD5:A34DCF7771198C779648B89156483E83
                                                                                            SHA1:A6E0FA91CD50048511C7BEF1BE3A8D32B42B6D1F
                                                                                            SHA-256:89C559C6765F8D643469E3C8F4AA93023F09369B0395EA647FAD5AF3C2893EB6
                                                                                            SHA-512:0F1D7BC4FD64E18EEEC488CDCE01FB6BFA5CD3BFF614A8D03E388D39F569B8341E74302946877EB25BA1EB17AEC137499189605E251FAFB6B20051744CB463B1
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="zh-ch" Language="2052" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ..</String>.. <String Id="Title">[WixBundleName] .... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/passive | /quiet - ..... UI .......... UI ... ........... UI ........../norestart - .............. UI ........../log log.txt - .............. %TEMP% ........</String>.. <String Id="HelpCloseButton"
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2211
                                                                                            Entropy (8bit):5.1155097909395035
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cxX7DbT8QGls54nK3znI5zKDj4NLkdoN3mMNYsEPbpK2Aegeu9A5g:8LXTUasJnYdi59som6
                                                                                            MD5:8A278E519EF81B2847490EFB070219BC
                                                                                            SHA1:7365EDF6E4F9E66B6CEE47933B6C70FF0B9ECFF8
                                                                                            SHA-256:E2BFDB2CF3BEAE2E988827C52C58006D7EEAD4ABA5312B5EAE1F6CCF3863C385
                                                                                            SHA-512:88275C1136FFB15AB04D315E8601BE2DE77387F3E00F17E9807E415A9DFC4A73E2CD3B5710E4CA58006F91E18180D7CFAEEF4E8319C624E1B81397F9CB9ECA92
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="pt-pt" Language="2070" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Configura..o do [WixBundleName]</String>.. <String Id="Title">O Microsoft .NET Framework . necess.rio para a configura..o do [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem a certeza de que pretende cancelar?</String>.. <String Id="HelpHeader">Ajuda da Configura..o</String>.. <String Id="HelpText">/passive | /quiet - apresenta IU m.nima sem mensagens ou n.o apresenta IU nem.. mensagens. Por predefini..o, s.o apresentadas a IU e todas as mensagens...../norestart - suprimir qualquer tentativa de rein.cio. Por predefini..o, a IU.. avisar. antes de reiniciar.../log log.txt - r
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2400
                                                                                            Entropy (8bit):4.992567587099768
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cxX7DLT8/OusS2V8j4Lq+7dKzCLdqaaD6NJaXFoN3mRNLo3PWKWnRcsB9A8:8LfTz+8EPqKqTJiFikUgk8
                                                                                            MD5:1024AA88AE01BC7BA797193CC6023375
                                                                                            SHA1:9252A309C1CB32573F4D58A595A78660FDF54B2F
                                                                                            SHA-256:B884C4ABB8867553C1FFADD6721C2135EC5F9F1455C3F668D711CCEA65363D1A
                                                                                            SHA-512:77E6DD332104C0461B7C5A08469161AF3F1DC51D3B55585D39DD9FC9E2088DA036BDF2278CFB96CA702FD26CE073C6C6F66611313270700B9E7A76600C1C8E38
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="es-es" Language="3082" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">La instalaci.n de [WixBundleName] requiere Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar?</String>.. <String Id="HelpHeader">Ayuda del programa de instalaci.n</String>.. <String Id="HelpText">/passive | /quiet - muestra una interfaz de usuario m.nima y no realiza.. preguntas, o bien no muestra interfaz de usuario y no realiza preguntas... De manera predeterminada se muestra la interfaz de usuario completa y se.. realizan todas las preguntas necesarias...../norestart - suprime cu
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (661), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):17406
                                                                                            Entropy (8bit):3.689906065154555
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:X0s5nlXxgFEuhO1i1bWYWd9c5W/WxXClcibj:X0s5nlXxgFE2LbpN5+x
                                                                                            MD5:EB67F8651AC8266DE916753DB3D42669
                                                                                            SHA1:0464EA4CFE13DFE80554643DA826D5E476E488CC
                                                                                            SHA-256:760C2E15D3CC33CDA3A9820F007CAB0478E1D4FF2F475971E0B73AB5337F09D1
                                                                                            SHA-512:BAC480A4F5BD91057BAF62E18F3B7C3403B7F27F92548C3C2AFCBDD5AE32C06AEEBD9A6A08FA959CE1FC89308281F9F68498C61374964EC50C6473E53C9AA01B
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-16"?>..<BootstrapperApplicationData xmlns="http://schemas.microsoft.com/wix/2010/BootstrapperApplicationData">..  <WixBalCondition Condition="(NOT OUSConnectInstalled) AND (NOT OUAConnectInstalled) AND (NOT OUDOConnectInstalled) AND (NOT OUDV8iInstalled) AND (NOT OUMV8iInstalled) AND (NOT OUPV8iInstalled) AND (NOT OUWMV8iInstalled) AND (NOT EDCV8iInstalled)" Message="Please Uninstall [OUINSTALLEDPRODUCTNAME] before installing this product" />..  <WixBundlePrope
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):791
                                                                                            Entropy (8bit):5.061501009029691
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:TMHdGbP07lzc+TXYr+XJ9bWzc+TXYcX1QpXbo02Vymhs4v/bX5JXbbQtmyjyuxm:2dKP07RtYry9itYwQVtXmh7bLgtmyjyF
                                                                                            MD5:C5EB5E3954D1A143028343F5B303E7D2
                                                                                            SHA1:3A80882B02D6CC9D09AD0B7BF279DE6F080726C3
                                                                                            SHA-256:6B60848A2DD83CBFF8F8B5161477CAEBA2F714AD4DEB54644BE589F63D865B3A
                                                                                            SHA-512:AAE8B7A4549436D35DEBAA57A7AA14FB18FC46384AE0AB65607BC74DBA992A4E9D2C9BC66EF4E0FB959403E0E33A8EF0F8A37BB6DE7C2F6C4B5A5890E9958F38
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>...<configSections>....<sectionGroup name="wix.bootstrapper" type="Microsoft.Tools.WindowsInstallerXml.Bootstrapper.BootstrapperSectionGroup, BootstrapperCore">.....<section name="host" type="Microsoft.Tools.WindowsInstallerXml.Bootstrapper.HostSection, BootstrapperCore"/>....</sectionGroup>...</configSections>...<startup useLegacyV2RuntimeActivationPolicy="true">....<supportedRuntime version="v4.0"/></startup>...<wix.bootstrapper>....<host assemblyName="WixInstallBA">.....<supportedFramework version="v4.5" runtimeVersion="v4.0"/>.....<supportedFramework version="v4\Client" runtimeVersion="v4.0"/>....</host>...</wix.bootstrapper>...<system.net>....<defaultProxy useDefaultCredentials="true"/>...</system.net>..</configuration>..
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):93968
                                                                                            Entropy (8bit):5.8605371011542875
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:2HMBp/GRbgi5ofpiG2pq+51zogZVPilxi:2uUbV5jlq+51zowVPZ
                                                                                            MD5:E808F606E54D6F823B9D22F56E8982FC
                                                                                            SHA1:9A7342DCCD0C6E51432D7E33D0886239759BDA4F
                                                                                            SHA-256:CF2AE76D1DA5AF70A72259E7E51DAE62C715BC32239DAF5DA6B1BDE122BCDAB6
                                                                                            SHA-512:ACC26487BD3387EB8F8EA0FA1790198FD773ECF85AD61B4ED5B88815C9B03B35AAB81747DB065DEAD1B51AE6276D58C51B53AC71B1FAE12505860664721EA2BB
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):109468
                                                                                            Entropy (8bit):5.306858621424133
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:4Z9cTd1iIOnUa8CmIbkGja5jVNMA+i86eFQjYLQJOJimaLglndcN6d9DoPAcjyzQ:4ZEnN/u3qidQW97KmZ6IE61APz
                                                                                            MD5:87C8E0A6E2A249413B88080DAB0E3A95
                                                                                            SHA1:42A46F75C8A9A4E0F6D154A46DB074C9CF5FB388
                                                                                            SHA-256:4B02F9AE82ED364C2DCC54AADADC0AA950530BF5C69659DC1C926C666250F646
                                                                                            SHA-512:855F50C8A2DBC4B7FA25454A21C5EE40C19A9228156AAF0B32EF5C3E44CC647AAA79C53CDDBB67C9CF0AC17A61660E8A4BC90227753B406ADBA238FD6B6761C8
                                                                                            Malicious:true
                                                                                            Preview:<html>....<head>..<meta http-equiv=Content-Type content="text/html; charset=utf-8">..<meta name=Generator content="Microsoft Word 15 (filtered)">..<style>.. .. /* Font Definitions */.. @font-face...{font-family:"Cambria Math";...panose-1:2 4 5 3 5 4 6 3 2 4;}..@font-face...{font-family:"Segoe UI";...panose-1:2 11 5 2 4 2 4 2 2 3;}.. /* Style Definitions */.. p.MsoNormal, li.MsoNormal, div.MsoNormal...{margin:0cm;...text-autospace:none;...font-size:11.0pt;...font-family:"Times New Roman",serif;}..h1...{margin-top:0cm;...margin-right:0cm;...margin-bottom:0cm;...margin-left:5.9pt;...text-autospace:none;...font-size:14.0pt;...font-family:"Times New Roman",serif;}..h2...{margin-top:0cm;...margin-right:0cm;...margin-bottom:0cm;...margin-left:35.9pt;...text-indent:-15.0pt;...text-autospace:none;...font-size:12.0pt;...font-family:"Times New Roman",serif;}..p.MsoHeader, li.MsoHeader, div.MsoHeader...{mso-style-link:"Header Char";...margin:0cm;...text-autospace:none;...font-size:11.0pt;...fon
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):126464
                                                                                            Entropy (8bit):5.761526804882093
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:BXpTk1Pla+8e/vc/XM+MWWftfT5757XFl/gySY0SVqF:bk1tOoYD0
                                                                                            MD5:97458FB37FCBEA19B16704474E0BB747
                                                                                            SHA1:D846A58C2DFA287DC070A3B3EAA12DE54AEFC5F4
                                                                                            SHA-256:EB6841497CAFAB1AAC432B09F4979997FA3314D4828BE15CDBD37F621BA38EAC
                                                                                            SHA-512:7EDEAADAE25C60ACF5FA969655AD667826DBEC8025A09BD14933D81C3FDDF2E6409C2F60345DA2420D63C70B3B4985F8E33913FE09AF5CB4695B28B2BA561F3D
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Joe Sandbox View:
                                                                                            • Filename: hKgrI6tqYx.exe, Detection: malicious, Browse
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):49152
                                                                                            Entropy (8bit):4.476480919433434
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:0exl81nX6ZxlvUAa7KoBv7epginbCe7AXjuw9tL0Duxj7tr+BrLFS:0exl81nK34PJepgqcVz7
                                                                                            MD5:26A0959C90B97D5E7D73CBB652C99E49
                                                                                            SHA1:FC31DBC77734DBC37274673EB7F3892BD54E3D7E
                                                                                            SHA-256:995D364A7396028314503D6E94ADE774A562FB09A5D3347D0B840FD596D47EB9
                                                                                            SHA-512:EA8C6EFEB74A07169FC3BBD12D5AA401FEC9D003F03B1973DAECDA2670C39BCEA7CBA891B804197827C20DAEA41772C09209839211102997CF92CF666113564F
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):188176
                                                                                            Entropy (8bit):5.959466185021699
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:pGfZS7hUuK3PcbFeRRLxyR69UgoCaf8xzCnfKlRUjW01KyPePc:lzMRLkR6joxfKK3
                                                                                            MD5:C2C83128276CC7C9CCCC399BB5D76031
                                                                                            SHA1:776F9CA8175D95D0BC7C44847D60091BDF415041
                                                                                            SHA-256:791DA16B0DF6956E88B04DAB8B543B99DC2ABD9AF24AA25208FE5A0981E811B3
                                                                                            SHA-512:C8651107F699DAA299182DBE594DA76CD794BA0D7661A483AAA932F0967A3AF5761C8E8A3250CB501019D39B483D09427AC75AA7FA3A191A090E226D8D9FD515
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Joe Sandbox View:
                                                                                            • Filename: PhishAlertButtonSetup.exe, Detection: malicious, Browse
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):487134
                                                                                            Entropy (8bit):4.601239497004852
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:Eyyk9hhW0H6A9xaGAX1YWM90QtDzncMpvETn7TZdP6zXcqHJhpARQ/l/3:Eyv9hlU1YTtUOb
                                                                                            MD5:3F3B628AC91EBBED6F7F76775A236100
                                                                                            SHA1:04B6A51730C9C6BB98877B72BD8263AD7278C437
                                                                                            SHA-256:61CB0C6259A7F40E8FDBC8314BE5B0F9B5BE12063756E14B8C0119CA1BCC95F2
                                                                                            SHA-512:177E145268F828D4ED4C0274864FE39A03C8405D18B01D7DD923E8B5AD883321C4438FD4B026AF99EAB95FEE2EE7EBB0DD5B8B08A6DDFB6466E9B5639AF18629
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Deployment.WindowsInstaller</name>.. </assembly>.. <members>.. <member name="T:Microsoft.Deployment.WindowsInstaller.ColumnCollection">.. <summary>.. Collection of column information related to a <see cref="T:Microsoft.Deployment.WindowsInstaller.TableInfo"/> or.. <see cref="T:Microsoft.Deployment.WindowsInstaller.View"/>... </summary>.. </member>.. <member name="M:Microsoft.Deployment.WindowsInstaller.ColumnCollection.#ctor(System.Collections.Generic.ICollection{Microsoft.Deployment.WindowsInstaller.ColumnInfo})">.. <summary>.. Creates a new ColumnCollection based on a specified list of columns... </summary>.. <param name="columns">columns to be added to the new collection</param>.. </member>.. <member name="M:Microsoft.Deployment.WindowsInstaller.ColumnCollection.#ctor(Microsoft.Deploymen
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):701992
                                                                                            Entropy (8bit):5.940787194132384
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                            MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                            SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                            SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                            SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):32056
                                                                                            Entropy (8bit):6.149258764371362
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:TIBLvfWZ+Wzl0Mu/ygnmfIQkakJFpgIYiK+DFtXeOAM+o/8E9VF0Nybj:TIB3WZTzONzmfIQ1qpYiRkOAMxkEJ
                                                                                            MD5:03C9179C32BB23812675213C08C580D8
                                                                                            SHA1:6001EA371017C9020FDB7F97C5FF334702B755E7
                                                                                            SHA-256:EE02E48A04A159E259045648AB1194B0498C42EF6472A2C72B79B3B318DDF07A
                                                                                            SHA-512:A5242BD24979A6BB86AC8292D858FC47CAA302BF7A2F7D3878B14E4C0C165CD9E937805C9FDDBF9C9CB87B33D710BEF94137000B08EDAE4C424CFC3C0E2517B2
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):16184
                                                                                            Entropy (8bit):6.883732183894757
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:iByhaQnIYiK+DFc1HyAM+o/8E9VF0NyEKf4:/haQIYiRESAMxkE7A
                                                                                            MD5:B9A21405CE4DD0D00A6FC7FEF3419B6D
                                                                                            SHA1:FADFEA99FB6EC71DF37DA8DA767A77BB9358B365
                                                                                            SHA-256:DB90EB10716D696D14EBA3E786B97258FE4E0F52C4AAA99EC63CC51CE7F0C6A1
                                                                                            SHA-512:B8DE2600F62B439BD486F4FFA3228342D9DB18A97A7451C29488E58D14D1AB5BBFAE0076C89C874AC2B8A3F37BB0D28DC8350AF6C4B64B35600ADCE34957BFD5
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):138552
                                                                                            Entropy (8bit):6.241173028161675
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:LAsTc+v+AZKLJcukLW/Zd97oRr1wBvCCcbNs56/NZ:Lxb+AZKLJc/W/Zd97ocBDcb6Q
                                                                                            MD5:DC208D933BA6974A5BBF8B6619469DE5
                                                                                            SHA1:FF60667807BEB0A4BDE6F699613161BE9F435128
                                                                                            SHA-256:EFF24B3D2933F3B058E7E643A0A7BAB6BCDF5948A6EE9EEC469A8E80D7978638
                                                                                            SHA-512:80DDB47A30ADACF5341B165E3B9C0A2EA62D6BA20216BFDFB66D3C434B7CB4FD69EED1908CC21A7F1F46CA5BCE277128AB69874BDC019D9CE5942FA304C25733
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (6354), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):6354
                                                                                            Entropy (8bit):4.944393334683147
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:c2s5gEutyj6jnnii7jU7V7buuZVj9uxJPuFPuO9uo9u59uMRPubdPuF:G5OJAFXUZR4dI
                                                                                            MD5:70105BA2C15F727FA2AD4EF0B1E79899
                                                                                            SHA1:A69CACF34376303F24B7BEB3D619F10FD896FA56
                                                                                            SHA-256:16E696A3A6217BA72D8A39273FBB118920C00D98580BBBF2C79A2D71F055F68B
                                                                                            SHA-512:C8B15AA1D1940AD7CA484BA08F0AB1E64B1C528C537B2F2B8D0DE0AF6ACA51A73F2EAD97EFDD5923405A6679F8322232F314C55D5212B0AAC7AD5BCD78B4A73A
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" ?><LayoutSettings xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><LocalizableWxlFileNames><FileName>ppWixStrings.wxl</FileName><FileName>OpenUtilitiesMap.WixStrings.wxl</FileName></LocalizableWxlFileNames><Pages><Page Name="InstallDirectorySelectionPage" Source="SetupPagesLib.dll" Xaml="InstallDirectorySelectionUserControl.xaml">NOT BeUpgradingProductCodes</Page><Page Name="WelcomeDialogInstallPage" Source="SetupPagesLib.dll" Xaml="WelcomeDialogInstallUserControl.xaml">BeUpgradingProductCodes</Page><Page Name="UninstallVerificationPage" Source="SetupPagesLib.dll" Xaml="UninstallVerificationUserConstrol.xaml">BePlannedAction=&quot;Uninstall&quot;</Page><Page Name="PPCustomWorkSpacesPage" Source="SetupPagesLib.dll" Xaml="PPCustomWorkSpacesUserControl.xaml"/><Page Name="DeploymentImageSettingsPage" Source="SetupPagesLib.dll" Xaml="DeploymentImageSettingsControl.xaml"/><Page Name="FeatureConfigPage" Source="SetupPagesL
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):408888
                                                                                            Entropy (8bit):5.989634248935896
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:KN9r8z5XI4sD6LDn63TW6HY/681R6QlE6Pc56Sx56DO06ZVF16DzO6mfs6csJ6Jh:2w44sD6LDn63TW6HY/681R6QlE6Pc56D
                                                                                            MD5:B851F3727BE3DD95CF79A7A1ACD9C7DF
                                                                                            SHA1:97B40D9DFB0966C711141E6125CC33C12513A4F2
                                                                                            SHA-256:02BCF34D2D49A48EA8C249A4BD637BE2CC86B6DA8F067A783CAEB6E9719DB816
                                                                                            SHA-512:FAA071E55E5A99A50706F60714499E86B191C902DEF9F5C194AAAD34D335A5386B9E83C516BBBC41C3109CB86FC6158E449D10CA7C2E25C142CBA4EF5D84702B
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):134656
                                                                                            Entropy (8bit):6.559676765965599
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:EwiCCLJxzFa/XIZnbFBIa3APoGfAoA/g:GCQF3HBIYCbSg
                                                                                            MD5:695BD38BB62302A0903E4CED008A73DD
                                                                                            SHA1:7828E9F925AB978541E7DA8A21C79A9CEA5B1545
                                                                                            SHA-256:5EE45A965AA6BD6C00C795BDB394B9A8D911FBC8961EF62E55014F53EFE64F9F
                                                                                            SHA-512:67203AE6D51210F409B95674B6BA184A1F6C6768D3FB28424048D3240C5D467F91E49D0FB92CDCF211219C996057D21B70C9D3396F9874FD4D710CE69DD3C077
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1757184
                                                                                            Entropy (8bit):6.006043757845107
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:KV2Zc3HyatnKl9tFTIfh3TvtomXvJTX5d+tF4:Vc3Ht
                                                                                            MD5:2F055F819691AA4A8A6FBF8FDBA2FC4C
                                                                                            SHA1:BD0ED47F54DFDA63CA1DD0EB377BDC74A0D9EB8F
                                                                                            SHA-256:A2C897A03F9F4795426EE058EA386A6891ACB9A8179B77060515A6BA6525E242
                                                                                            SHA-512:58BF10E629A14C1086571814D00E2B8DDEF94252EF2727DAEF684F8690A14B8D91DB845340842B6FE178979E9E5CB697E6E3A09DD6038DD2B6AA3F9B007B0DAF
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):628536
                                                                                            Entropy (8bit):6.36985683629423
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:XzFpOKFuMhNbUJaLsclwB9FrIJJaqCNktA+SXfUCc:XzFpOXZ4lwB9FrIJJpCNoh+7c
                                                                                            MD5:972F04F6F53DBFA26857C67A42523C70
                                                                                            SHA1:6CBB6044DEBA48058DCE69A3A76D8E38FB14FF7A
                                                                                            SHA-256:993D06F7AAAC5571A0BB6F3FDD6F066BB4AE41AC11510BDA065930D0502FD2DB
                                                                                            SHA-512:585C394D516E87D46B18747E16D2DDD87203288DB711EFCF2EB6994CAC7586A9A8A8AED1C6C26F50B2DA06DAFEF9BC3486DD9821A9A2F11FD0E98C4401832F4C
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):443
                                                                                            Entropy (8bit):4.9956781913821064
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:JeUtBRfUtKLCdoGNq4U2Yka6BU897tiKV/ljuB2T8SptXi:JeoRff0TwFG+etjVNyMT8Spc
                                                                                            MD5:F9A6786F6405CCDC77CDC04929F7216E
                                                                                            SHA1:1B9DA34F8AD1393E6C33F75205ADC5983691DA68
                                                                                            SHA-256:F6460F68EC235181A70ED25CE8E2E9A05B241E78ADE64C4F4B4D0537EF09DF3A
                                                                                            SHA-512:8A906CCF31E2BA8D8A428372077DE101CCEA821FFB630B7EC7D5F2BEEC5124FC0A49FE3DB162344817E7D96AE2EBCB9C0E067DA1F41625CF1A2302897DE283E3
                                                                                            Malicious:false
                                                                                            Preview:PowerProductPackage=b6c18917-9c9c-4f3c-9d6e-3b7a8e8e83c8..VisualBasicCore=af7e5986-b81e-4098-b098-cc0bef587be5..VisualBasicLang=18b2755a-380b-4edc-9e16-46c39290e5c7..DotNet48Full=8dd23369-8d5e-5460-9b86-c2ac917279fe..VC14RedistX64=27fbb505-8bad-5b41-b353-900792a3d808..BentleyConnectClient=6168a353-4141-4942-a6c6-e614f270bf70..DgnPreviewHandler=47b1790e-3f2b-4e6f-a00f-9f0f0173eb9d..DgnThumbNailProvider=1b027dba-a43e-4baf-81fa-db0cfa5b1802..
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):142616
                                                                                            Entropy (8bit):6.730761600307328
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:1xWu4uSLObpRTiyX+mJq4fazD3eN/LdYGrvqvP:OLudRPDq4fOCGGLq
                                                                                            MD5:E3471734DF4345B4EC9F60333A96982B
                                                                                            SHA1:8416F57FE6A376CE421DB24474859FE78A66F222
                                                                                            SHA-256:D728E7449243BC7099890BADB6FAE3F2B082A80D9C950E498051F89A65D48687
                                                                                            SHA-512:519598CE63B0E3AEA3F548B37191C52F59C70EB46FB2D12C16113A6662028F315B020A642D1A9821C3B17D22FABF328E4BBE68F99CC6EDBE331EEF508A195F2A
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):210200
                                                                                            Entropy (8bit):6.679490293698669
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:tEIwsGi6eTe5uBR3SupIu+ieZpKamkOLCaQuEsSyhssS2KPjbfkd4qhgTrm9b3EJ:tEZdi6e93SuDeTKZxQfsRy26BqbUHF
                                                                                            MD5:87C8A7EA44E8EE0D9358E25B7DCD397D
                                                                                            SHA1:0E2021BE823FEE499175D2C0D68346D15C02A376
                                                                                            SHA-256:B7DE0A0CA3A94738747ABD708E30BA1F9638A8C8B7D8173C76D4F39FAE3D9346
                                                                                            SHA-512:98B5BBE5BB3EC331A0025E3DA209296050B2F695BE5A4B90B5C939F8FBBAADA6DD93483EBA779C10151546C2798AAB5282FA619A55EC0CF04F56A03795A0A3F5
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced
                                                                                            Category:dropped
                                                                                            Size (bytes):797
                                                                                            Entropy (8bit):7.648767094164769
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:6v/7rW3M/jDYAlFTzdvhKZ7e/cbp4/82UNb6MjmlKPNXheD1H0oJodqSXaTbutak:lQD1lldv8Z7g04/82Y6+Pxi19mDoqt5
                                                                                            MD5:A356956FD269567B8F4612A33802637B
                                                                                            SHA1:75AE41181581FD6376CA9CA88147011E48BF9A30
                                                                                            SHA-256:A401A225ADDAF89110B4B0F6E8CF94779E7C0640BCDD2D670FFCF05AAB0DAD03
                                                                                            SHA-512:A0F7836AEFA1747F481C116F6B085F503B5C09B3A1DD97CD2189F7CE4E6E7EA98F1F66503CBA2E6A83E873248CC7507328710DFA670AA5763DF8AEDCC560285E
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):3915
                                                                                            Entropy (8bit):5.15881451198739
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cecHddpXBT2E/zPHWgtpmAPH8TSJmBP+NPHrM/O8YpQbFUuhJ3PK7usPH4Lr:wHdHxS4Z9UG4BmNjCOhpsB3PswP
                                                                                            MD5:A20778EC90A094A62A6C3A6AB2A6DC7D
                                                                                            SHA1:74C131B5FD80446FFDF2AFAD723762DD36621309
                                                                                            SHA-256:F8C3A03F47F0B9B3C20F0522A2481DA28C77FECDBB302F8DD8FBED87758CBAEA
                                                                                            SHA-512:47F34A9F416D223DCBF071E7292A05554AF3D27CDE67FC8C161C1BED564C6E7FC448C2F482E05F33149C782E09C681BD65730CA00CF9EC68B284128214B75529
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="mbapreq.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Height="96" FontId="1" Visible="yes" DisablePrefix="yes">#(loc.Title)</Text>.... <Page Name="Help">.. <Text X="11" Y="112" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.HelpHeader
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):2464
                                                                                            Entropy (8bit):5.076345322304751
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cxX7DxMT8dbCsK19Wqq8+JIDxN3Wm2WcN3miNlLPDHXsmkaYXfXQ2BmGA7b1fABP:8LuTY1xmmmTerNR0AT1O
                                                                                            MD5:4D2C8D10C5DCCA6B938B71C8F02CA8A8
                                                                                            SHA1:11577021465379E9D1FF4260E607149BA5DFA6B3
                                                                                            SHA-256:C63DE5F309502F9272402587A6BE22624D1BC2FEACD1BD33FB11E44CD6614B96
                                                                                            SHA-512:AE791C1F05821167F1D2E1D07DBF95FE7E72B35B3E4B1E22720006C7A672B1330B748414792392B0E806F111AA4EFC1C424F4479EBDE349E3F079792DBB3BF47
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">Microsoft .NET Framework required for [WixBundleName] setup</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. By default a log file is created in %TEMP%.</String>.. <String Id="HelpClos
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):32002
                                                                                            Entropy (8bit):5.025759575952749
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:O8dIn/kaoJ/4A4A04ztIIhsGYz4sxSeXQXyhVJIRW+A8O06nT8:3EMYA4A04ztRsGYUeXrhVJwAznT8
                                                                                            MD5:BA1B4D64FCF1F94A24035E93E29EA101
                                                                                            SHA1:C96B453F1DCBA7BDD923AE674C76BE7ADAD4CC88
                                                                                            SHA-256:08FDC9DFA031096EBA53591B34BDC5260F5099C971C121099F6D23D8A3FCD989
                                                                                            SHA-512:701F8CD34D6C9DD8AD3973EA13F86DDFF2297BAA28D5FB8974B0778D2D0FA673AD8C6A308B46D9CBD5A5660E422669073904A82AB66F13435F5944622932BF3C
                                                                                            Malicious:false
                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>.. ..# $Source: install/english/BSWWixStrings.wxl $..#..# $Copyright: (c) 2021 Bentley Systems, Incorporated. All rights reserved. $..-->.... English strings that are not product dependent. -->......<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization" Codepage="1252">.. <String Id="BlankString" Overridable="yes"></String> Do not translate -->.. <String Id="LaunchMinimumOS" Overridable="yes">Requires Windows XP, Windows Vista, or Windows Server 2003 to install this program.</String>.. <String Id="LaunchRights" Overridable="yes">Administrator rights are required to install this program.</String>.. <String Id="LaunchActivationWizard" Overridable="yes">Launch the Product Activation Wizard. V8i applications require activation. You can start an Activation Wizard now or activate later from within the application.</String>.. <String Id="LaunchText" Overridable="yes">Launch</String>.. <String
                                                                                            Process:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                            Category:dropped
                                                                                            Size (bytes):438755
                                                                                            Entropy (8bit):7.9972466725622775
                                                                                            Encrypted:true
                                                                                            SSDEEP:12288:QVOwWNo1hsV39ll0XD/fzMJPcaURde9dd:xRN5Tll8fMJUB+/
                                                                                            MD5:B2E44D600B9B704FAE1214404D84A179
                                                                                            SHA1:8A9AFB881C281BEC9E5B5917BD16FC770B7F93BE
                                                                                            SHA-256:27BFD90BA42F49D55FA909F6E7B2C58B5496EA1945094CF39CB9166F554D5878
                                                                                            SHA-512:50511D204D947246FE9D507F374A25E1EC66BE148832236D4275438F8146E3FBEE03C8DF3D6B513D4820E5FA2AD92865035AFBAE30850CB012A9D1F78598AA09
                                                                                            Malicious:false
                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Entropy (8bit):7.931434291852171
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                            File name:Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            File size:2'897'096 bytes
                                                                                            MD5:357a952831051d757359cadc23b43f43
                                                                                            SHA1:5cc270135b1925ae6b51004f22820eb2f94d21a4
                                                                                            SHA256:a33de435ee5de842b967ae90f0bdbfbf6d6eb067fb1932828706ee4439f72479
                                                                                            SHA512:8d09190239fdf781ad5b3a9cf6a3e8f11498ae79b955c7bf2120faf59e896e269ba1c365bf8d5b30c3c8770cfc6a1fed3b79501d5e0975d729fa709c88ed03db
                                                                                            SSDEEP:49152:QLZ5zot73nxu7LElC5tRnLuiFz9tVoLeuDPb7RI3evHESsUlWiATxwt715ECpD:QLZ1om7L8CRnaiF5oLvjbtzvHEntiATs
                                                                                            TLSH:16D51232A5611037EBF10573A968A5313E7DE3282B51C4AAE3D4BD1D7EA98C163F7213
                                                                                            Icon Hash:2d2e3797b32b2b99
                                                                                            Entrypoint:0x4302e5
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:true
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x65FE02D3 [Fri Mar 22 22:14:43 2024 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:6
                                                                                            OS Version Minor:0
                                                                                            File Version Major:6
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:6
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:e277f1464e7729ad9df5ec047611738a
                                                                                            Signature Valid:true
                                                                                            Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                            Signature Validation Error:The operation completed successfully
                                                                                            Error Number:0
                                                                                            Not Before, Not After
                                                                                            • 03/05/2024 02:00:00 14/07/2027 01:59:59
                                                                                            Subject Chain
                                                                                            • CN="Bentley Systems, Incorporated", O="Bentley Systems, Incorporated", L=Exton, S=Pennsylvania, C=US
                                                                                            Version:3
                                                                                            Thumbprint MD5:2CE589519DC7CF658F9B06E070D63066
                                                                                            Thumbprint SHA-1:09E8B118160523D6F4A192B0227A53426EA033CF
                                                                                            Thumbprint SHA-256:841883BCE7CFFC704FA90F659A7790DF68BFB1C364B9CA7C828853422F5B6E95
                                                                                            Serial:0D69B823F48CA83D774B1798C991D4D1

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6bfd4 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x71000 | 0x3af0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2c0b90 | 0x2938 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x75000 | 0x3ebc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x6ace0 | 0x54 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x6ad34 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x646e8 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x4e000 | 0x3d4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x6bb54 | 0x100 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x4ca3e | 0x4cc00 | 6815c282e1bc693149a4065a4b552600 | False | 0.5385948951547231 | data | 6.575139639749137 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x4e000 | 0x1f626 | 0x1f800 | b06ec0f7aec92ec457d68a2887bdc39f | False | 0.29986669146825395 | data | 5.082703220713294 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x6e000 | 0x183c | 0xc00 | 350a688b66a5ddc1ea1d1a0cc2d04020 | False | 0.23274739583333334 | firmware 2005 v9319 (revision 0) \261\031\277DN\346@\273 V2, 0 bytes or less, at 0 0 bytes , at 0 0 bytes | 2.869037900210062 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .wixburn | 0x70000 | 0x38 | 0x200 | ad9a401d16b1107a8f0cd7f7d3df45b2 | False | 0.12890625 | data | 0.7258747138069125 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x71000 | 0x3af0 | 0x3c00 | 6e589d1a19fa687af80c13ec283a208f | False | 0.33372395833333335 | data | 5.506701043212035 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x75000 | 0x3ebc | 0x4000 | ac56ac7d93b473ebe9a2a079106f6056 | False | 0.79290771484375 | data | 6.748278735648908 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x71178 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.43185920577617326 |
| RT_MESSAGETABLE | 0x71a20 | 0x2840 | data | English | United States | 0.28823757763975155 |
| RT_GROUP_ICON | 0x74260 | 0x14 | data | English | United States | 1.2 |
| RT_VERSION | 0x74274 | 0x3a8 | data | English | United States | 0.43162393162393164 |
| RT_MANIFEST | 0x7461c | 0x4d2 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1174), with CRLF line terminators | English | United States | 0.47568881685575365 |

| DLL | Import |
|---|---|
| ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegCreateKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyExW, RegEnumValueW, RegQueryInfoKeyW, RegQueryValueExW, RegSetValueExW, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, InitiateSystemShutdownExW, GetUserNameW, CloseEventLog, OpenEventLogW, ReportEventW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CreateWellKnownSid, InitializeAcl, DecryptFileW, SetEntriesInAclW, ChangeServiceConfigW, CloseServiceHandle, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, SetNamedSecurityInfoW, CheckTokenMembership, AllocateAndInitializeSid, SetEntriesInAclA, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetTokenInformation, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextW, QueryServiceConfigW |
| USER32.dll | PeekMessageW, PostMessageW, IsWindow, WaitForInputIdle, PostQuitMessage, GetMessageW, TranslateMessage, MsgWaitForMultipleObjects, PostThreadMessageW, GetMonitorInfoW, MonitorFromPoint, IsDialogMessageW, LoadCursorW, LoadBitmapW, SetWindowLongW, GetWindowLongW, GetCursorPos, MessageBoxW, CreateWindowExW, UnregisterClassW, RegisterClassW, DefWindowProcW, DispatchMessageW |
| OLEAUT32.dll | VariantInit, SysAllocString, VariantClear, SysFreeString |
| GDI32.dll | DeleteDC, DeleteObject, SelectObject, StretchBlt, GetObjectW, CreateCompatibleDC |
| SHELL32.dll | CommandLineToArgvW, SHGetFolderPathW, ShellExecuteExW |
| ole32.dll | CoUninitialize, CoInitializeEx, CoInitialize, StringFromGUID2, CoCreateInstance, CoTaskMemFree, CoInitializeSecurity, CLSIDFromProgID |
| KERNEL32.dll | GetFileType, GetStdHandle, EncodePointer, InitializeCriticalSectionAndSpinCount, SetLastError, RtlUnwind, CreateFileW, CloseHandle, ExitProcess, CreateFileA, SetFilePointer, WriteFile, GetLastError, GetCurrentProcessId, GetSystemDirectoryW, LoadLibraryW, lstrlenA, HeapSetInformation, GetModuleHandleW, GetProcAddress, LocalFree, SetCurrentDirectoryW, GetCurrentDirectoryW, CreateDirectoryW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetFileAttributesW, GetTempFileNameW, RemoveDirectoryW, SetFileAttributesW, GetTempPathW, MoveFileExW, FormatMessageW, lstrlenW, MultiByteToWideChar, IsValidCodePage, LCMapStringW, ExpandEnvironmentStringsW, GetFileSizeEx, GetFullPathNameW, ReadFile, SetFilePointerEx, SetFileTime, Sleep, GlobalAlloc, GlobalFree, CopyFileW, GetLocalTime, GetModuleFileNameW, CompareStringW, HeapAlloc, HeapReAlloc, HeapFree, HeapSize, GetProcessHeap, FreeLibrary, InitializeCriticalSection, DeleteCriticalSection, ReleaseMutex, GetCurrentProcess, FindFirstFileExW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, CreateProcessW, GetVersionExW, VerSetConditionMask, GetVolumePathNameW, EnterCriticalSection, LeaveCriticalSection, GetSystemTime, GetWindowsDirectoryW, GetNativeSystemInfo, GetSystemWow64DirectoryW, GetModuleHandleExW, GetComputerNameW, VerifyVersionInfoW, GetDateFormatW, GetUserDefaultUILanguage, GetUserDefaultLangID, GetSystemDefaultLangID, GetStringTypeW, DuplicateHandle, LoadLibraryExW, CreateEventW, ProcessIdToSessionId, ConnectNamedPipe, SetNamedPipeHandleState, CreateNamedPipeW, WaitForSingleObject, GetProcessId, OpenProcess, CreateThread, GetExitCodeThread, SetEvent, WaitForMultipleObjects, LocalFileTimeToFileTime, SetEndOfFile, ResetEvent, DosDateTimeToFileTime, CompareStringA, GetExitCodeProcess, SetThreadExecutionState, CopyFileExW, CreateMutexW, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, GetThreadLocale, GetStartupInfoW, IsDebuggerPresent, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, DecodePointer, WriteConsoleW, GetModuleHandleA, VirtualAlloc, VirtualFree, SystemTimeToTzSpecificLocalTime, SystemTimeToFileTime, GetCurrentThreadId, WideCharToMultiByte, InitializeSListHead, GetSystemTimeAsFileTime, QueryPerformanceCounter, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, LoadLibraryExA, VirtualQuery, VirtualProtect, GetSystemInfo, RaiseException, GetTimeZoneInformation |
| RPCRT4.dll | UuidCreate |

| Description | Data |
|---|---|
| CompanyName | Bentley Systems, Incorporated |
| FileDescription | OpenUtilities Map 2024 |
| FileVersion | 24.0.0.11 |
| InternalName | setup |
| LegalCopyright | Copyright 2024 Bentley Systems, Incorporated. All rights reserved. |
| OriginalFilename | Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| ProductName | OpenUtilities Map 2024 |
| ProductVersion | 24.0.0.11 |
| Translation | 0x0409 0x04e4 |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |


| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-04-21T21:57:49.346158+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49689 | 20.119.128.12 | 443 | TCP |

                                                                                            • Total Packets: 16
                                                                                            • 443 (HTTPS)
                                                                                            • 53 (DNS)

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 21, 2025 21:57:46.940095901 CEST | 59873 | 53 | 192.168.2.6 | 1.1.1.1 |
| Apr 21, 2025 21:57:47.221690893 CEST | 53 | 59873 | 1.1.1.1 | 192.168.2.6 |
| Apr 21, 2025 21:57:49.349008083 CEST | 58756 | 53 | 192.168.2.6 | 1.1.1.1 |
| Apr 21, 2025 21:57:49.513127089 CEST | 53 | 58756 | 1.1.1.1 | 192.168.2.6 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 21, 2025 21:57:46.940095901 CEST | 192.168.2.6 | 1.1.1.1 | 0xba02 | Standard query (0) | aka.bentley.com | A (IP address) | IN (0x0001) | false |
| Apr 21, 2025 21:57:49.349008083 CEST | 192.168.2.6 | 1.1.1.1 | 0xf92e | Standard query (0) | communities.bentley.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 21, 2025 21:57:47.221690893 CEST | 1.1.1.1 | 192.168.2.6 | 0xba02 | No error (0) | aka.bentley.com | prod-buddi-trafficmanager.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 21, 2025 21:57:47.221690893 CEST | 1.1.1.1 | 192.168.2.6 | 0xba02 | No error (0) | prod-buddi-trafficmanager.trafficmanager.net | prod-buddiapp-eus2.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 21, 2025 21:57:47.221690893 CEST | 1.1.1.1 | 192.168.2.6 | 0xba02 | No error (0) | prod-buddiapp-eus2.azurewebsites.net | waws-prod-bn1-207.sip.azurewebsites.windows.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 21, 2025 21:57:47.221690893 CEST | 1.1.1.1 | 192.168.2.6 | 0xba02 | No error (0) | waws-prod-bn1-207.sip.azurewebsites.windows.net | waws-prod-bn1-207-3057.eastus2.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 21, 2025 21:57:47.221690893 CEST | 1.1.1.1 | 192.168.2.6 | 0xba02 | No error (0) | waws-prod-bn1-207-3057.eastus2.cloudapp.azure.com | | 20.119.128.12 | A (IP address) | IN (0x0001) | false |
| Apr 21, 2025 21:57:49.513127089 CEST | 1.1.1.1 | 192.168.2.6 | 0xf92e | No error (0) | communities.bentley.com | | 89.106.200.1 | A (IP address) | IN (0x0001) | false |

                                                                                            • aka.bentley.com

| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.6 | 49688 | 20.119.128.12 | 443 | 7368 | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |

Timestamp: 2025-04-21 19:57:48 UTC | Bytes transferred: 96 | Direction: OUT | Data:
GET /ODPayloadPathResolverExternal/0 HTTP/1.1
Host: aka.bentley.com
Connection: Keep-Alive

Timestamp: 2025-04-21 19:57:48 UTC | Bytes transferred: 358 | Direction: IN | Data:
HTTP/1.1 302 Found
Content-Length: 0
Connection: close
Date: Mon, 21 Apr 2025 19:57:48 GMT
Server: Microsoft-IIS/10.0
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Location: https://connect-updateservicev2.bentley.com/api/v2/PayloadResolver/
Request-Context: appId=cid-v1:215b83b9-9730-483a-bd3a-a82ad30613c9
X-Powered-By: ASP.NET


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.6 | 49689 | 20.119.128.12 | 443 | 7368 | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |

Timestamp: 2025-04-21 19:57:48 UTC | Bytes transferred: 71 | Direction: OUT | Data:
GET /MicroStation_KB_Requirements/0 HTTP/1.1
Host: aka.bentley.com

Timestamp: 2025-04-21 19:57:49 UTC | Bytes transferred: 395 | Direction: IN | Data:
HTTP/1.1 302 Found
Content-Length: 0
Connection: close
Date: Mon, 21 Apr 2025 19:57:48 GMT
Server: Microsoft-IIS/10.0
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Location: https://communities.bentley.com/products/microstation/w/microstation__wiki/38230/windows-kb-requirements
Request-Context: appId=cid-v1:215b83b9-9730-483a-bd3a-a82ad30613c9
X-Powered-By: ASP.NET



                                                                                            Target ID:0
                                                                                            Start time:15:57:37
                                                                                            Start date:21/04/2025
                                                                                            Path:C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe"
                                                                                            Imagebase:0xa40000
                                                                                            File size:2'897'096 bytes
                                                                                            MD5 hash:357A952831051D757359CADC23B43F43
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:low
                                                                                            Has exited:false

                                                                                            Target ID:1
                                                                                            Start time:15:57:37
                                                                                            Start date:21/04/2025
                                                                                            Path:C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe" -burn.clean.room="C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe" -burn.filehandle.attached=528 -burn.filehandle.self=548
                                                                                            Imagebase:0xf00000
                                                                                            File size:2'735'248 bytes
                                                                                            MD5 hash:1B4C96DA3533ADE3A50D0D34DA728F28
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:low
                                                                                            Has exited:false

                                                                                            No disassembly