Create Interactive Tour

Analysis Report IDSAUpdate.exe

Overview

General Information

Sample Name:	IDSAUpdate.exe
Analysis ID:	384487
MD5:	76a449c3ec9b08c759344aeaf6a9636d
SHA1:	eb6bb05041effc499d01935815888cf801763cf8
SHA256:	fa1ac84ae37b2c91bbffbfbd7a86d2bfa7371516ea8ed188d6446d48fda08be1
Infos:
Most interesting Screenshot:

Detection

Score:	4
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Found dropped PE file which has not been started or loaded

Is looking for software installed on the system

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file contains strange resources

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Startup

System is w10x64

IDSAUpdate.exe (PID: 5468 cmdline: 'C:\Users\user\Desktop\IDSAUpdate.exe' -install MD5: 76A449C3EC9B08C759344AEAF6A9636D)

IDSAUpdate.exe (PID: 6192 cmdline: 'C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe' -burn.clean.room='C:\Users\user\Desktop\IDSAUpdate.exe' -burn.filehandle.attached=496 -burn.filehandle.self=592 -install MD5: F0268BD453B92DEA654860BF12352354)

IDSAUpdate.exe (PID: 6300 cmdline: 'C:\Users\user\Desktop\IDSAUpdate.exe' /install MD5: 76A449C3EC9B08C759344AEAF6A9636D)

IDSAUpdate.exe (PID: 6364 cmdline: 'C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe' -burn.clean.room='C:\Users\user\Desktop\IDSAUpdate.exe' -burn.filehandle.attached=564 -burn.filehandle.self=596 /install MD5: F0268BD453B92DEA654860BF12352354)

IDSAUpdate.exe (PID: 6472 cmdline: 'C:\Users\user\Desktop\IDSAUpdate.exe' /load MD5: 76A449C3EC9B08C759344AEAF6A9636D)

IDSAUpdate.exe (PID: 6500 cmdline: 'C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe' -burn.clean.room='C:\Users\user\Desktop\IDSAUpdate.exe' -burn.filehandle.attached=564 -burn.filehandle.self=584 /load MD5: F0268BD453B92DEA654860BF12352354)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• Compliance
• Networking
• System Summary
• Data Obfuscation
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Anti Debugging
• HIPS / PFW / Operating System Protection Evasion
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: IDSAUpdate.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP

Source: IDSAUpdate.exe

Static PE information: certificate valid

Source: IDSAUpdate.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: C:\Users\lbugn\Documents\MVVMLight\GalaSoft.MvvmLight\GalaSoft.MvvmLight (PCL)\obj\Release\GalaSoft.MvvmLight.pdb source: GalaSoft.MvvmLight.dll.1.dr
Source:	Binary string: C:\Source\Repos\dsa-dev\Installers\BootstrapperCommonUI\obj\ProdRelease\BootstrapperCommonUI.pdbe! source: BootstrapperCommonUI.dll.5.dr
Source:	Binary string: C:\Users\lbugn\Documents\MVVMLight\GalaSoft.MvvmLight\GalaSoft.MvvmLight (PCL)\obj\Release\GalaSoft.MvvmLight.pdb\| source: GalaSoft.MvvmLight.dll.1.dr
Source:	Binary string: C:\Source\Repos\dsa-dev\Installers\BootstrapperCommonUI\obj\ProdRelease\BootstrapperCommonUI.pdb source: BootstrapperCommonUI.dll.5.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\mbahost.pdb source: mbahost.dll.5.dr
Source:	Binary string: C:\Source\Repos\dsa-dev\Installers\BootstrapperUpdateUI\obj\ProdRelease\BootstrapperUpdateUI.pdb5 source: BootstrapperUpdateUI.dll.5.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\burn.pdb source: IDSAUpdate.exe
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\core\BootstrapperCore.pdb source: BootstrapperCore.dll.5.dr
Source:	Binary string: C:\Source\Repos\dsa-dev\Installers\BootstrapperUpdateUI\obj\ProdRelease\BootstrapperUpdateUI.pdb source: BootstrapperUpdateUI.dll.5.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\WixStdBA.pdb source: mbapreq.dll.7.dr

Source: IDSAUpdate.exe	String found in binary or memory: http://OCSP.intel.com/0
Source: IDSAUpdate.exe	String found in binary or memory: http://appsyndication.org/2006/appsynapplicationc:
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: IDSAUpdate.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: IDSAUpdate.exe	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: IDSAUpdate.exe	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: IDSAUpdate.exe	String found in binary or memory: http://ocsp.comodoca.com05
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://ocsp.digicert.com0K
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: IDSAUpdate.exe	String found in binary or memory: http://ocsp.sectigo.com0
Source: IDSAUpdate.exe	String found in binary or memory: http://pki.intel.com/crl/IntelCA7B.crl0f
Source: IDSAUpdate.exe	String found in binary or memory: http://pki.intel.com/crt/IntelCA7B.crt0
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://wixtoolset.org
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://wixtoolset.org/news/
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: http://wixtoolset.org/releases/SCreating
Source: mbapreq.thm.1.dr	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010
Source: GalaSoft.MvvmLight.dll.1.dr	String found in binary or memory: http://www.galasoft.ch
Source: GalaSoft.MvvmLight.dll.1.dr	String found in binary or memory: http://www.galasoft.ch4
Source: GalaSoft.MvvmLight.dll.1.dr	String found in binary or memory: http://www.galasoft.chN
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://intel.co.jp/privacy
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://intel.com/privacy
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://policy.system-usage-report.intel.com/faq/
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://policy.system-usage-report.intel.com/faq/)
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://policy.system-usage-report.intel.com/faq/.
Source: IDSAUpdate.exe	String found in binary or memory: https://sectigo.com/CPS0D
Source: BootstrapperCore.dll.5.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.cn/content/www/cn/zh/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.Resources.dll0.1.dr	String found in binary or memory: https://www.intel.co.id/content/www/id/id/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.Resources.dll2.1.dr	String found in binary or memory: https://www.intel.co.jp/content/www/jp/ja/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.Resources.dll13.5.dr, BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.co.kr/content/www/kr/ko/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.com
Source: BootstrapperCommonUI.Resources.dll10.7.dr, BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.com.br/content/www/br/pt/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.com.tr/content/www/tr/tr/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.com.tw/content/www/tw/zh/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.Resources.dll12.1.dr	String found in binary or memory: https://www.intel.com/content/www/cn/zh/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.Resources.dll1.7.dr	String found in binary or memory: https://www.intel.com/content/www/it/it/privacy/intel-privacy-notice.html.
Source: BootstrapperCommonUI.Resources.dll11.5.dr	String found in binary or memory: https://www.intel.com/content/www/pl/pl/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.Resources.dll4.1.dr	String found in binary or memory: https://www.intel.com/content/www/ru/ru/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.Resources.dll5.5.dr	String found in binary or memory: https://www.intel.com/content/www/th/th/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.Resources.dll7.5.dr	String found in binary or memory: https://www.intel.com/content/www/tw/zh/privacy/intel-privacy-notice.html)
Source: BootstrapperCommonUI.Resources.dll6.1.dr	String found in binary or memory: https://www.intel.com/content/www/vn/vi/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.com/privacy
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.com9
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.com;
Source: BootstrapperCommonUI.dll.5.dr, BootstrapperCommonUI.Resources.dll8.5.dr	String found in binary or memory: https://www.intel.de/content/www/de/de/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.es/content/www/es/es/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.eu/content/www/eu/en/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.dll.5.dr, BootstrapperCommonUI.Resources.dll9.1.dr	String found in binary or memory: https://www.intel.fr/content/www/fr/fr/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.it/content/www/it/it/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.Resources.dll.5.dr	String found in binary or memory: https://www.intel.la/content/www/xl/es/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.nl/content/www/nl/nl/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.pl/content/www/pl/pl/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.Resources.dll3.5.dr	String found in binary or memory: https://www.intel.pl/content/www/pl/pl/privacy/intel-privacy-notice.html.
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.ru/content/www/ru/ru/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.intel.se/content/www/se/sv/privacy/intel-privacy-notice.html
Source: BootstrapperCommonUI.dll.5.dr	String found in binary or memory: https://www.thailand.intel.com/content/www/th/th/privacy/intel-privacy-notice.html

Source: C:\Users\user\Desktop\IDSAUpdate.exe

File created: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\

Jump to behavior

Source: IDSAUpdate.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: IDSAUpdate.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: IDSAUpdate.exe.3.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: IDSAUpdate.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: IDSAUpdate.exe, 00000000.00000000.221099618.000000000142D000.00000002.00020000.sdmp	Binary or memory string: bOriginalFilenameIntel-Driver-and-Support-Assistant-Installer.exedDProductNameIntel vs IDSAUpdate.exe
Source: IDSAUpdate.exe, 00000001.00000000.222704238.000000000144D000.00000002.00020000.sdmp	Binary or memory string: bOriginalFilenameIntel-Driver-and-Support-Assistant-Installer.exedDProductNameIntel vs IDSAUpdate.exe
Source: IDSAUpdate.exe, 00000003.00000000.228374066.000000000142D000.00000002.00020000.sdmp	Binary or memory string: bOriginalFilenameIntel-Driver-and-Support-Assistant-Installer.exedDProductNameIntel vs IDSAUpdate.exe
Source: IDSAUpdate.exe, 00000005.00000000.230067993.0000000000B3D000.00000002.00020000.sdmp	Binary or memory string: bOriginalFilenameIntel-Driver-and-Support-Assistant-Installer.exedDProductNameIntel vs IDSAUpdate.exe
Source: IDSAUpdate.exe, 00000006.00000000.236111029.000000000142D000.00000002.00020000.sdmp	Binary or memory string: bOriginalFilenameIntel-Driver-and-Support-Assistant-Installer.exedDProductNameIntel vs IDSAUpdate.exe
Source: IDSAUpdate.exe, 00000007.00000000.237682613.0000000000ABD000.00000002.00020000.sdmp	Binary or memory string: bOriginalFilenameIntel-Driver-and-Support-Assistant-Installer.exedDProductNameIntel vs IDSAUpdate.exe
Source: IDSAUpdate.exe	Binary or memory string: bOriginalFilenameIntel-Driver-and-Support-Assistant-Installer.exedDProductNameIntel vs IDSAUpdate.exe

Source: IDSAUpdate.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP

Source: BootstrapperCore.dll.1.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadBeginEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadBeginEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.1.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadBeginEventArgs.cs	Suspicious method names: System.Void Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadBeginEventArgs::.ctor(System.String,System.String)
Source: BootstrapperCore.dll.1.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadBeginEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadBeginEventArgs::get_PayloadFileName()
Source: BootstrapperCore.dll.5.dr, Tools.WindowsInstallerXml/Bootstrapper/CachePackageBeginEventArgs.cs	Suspicious method names: System.Int64 Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CachePackageBeginEventArgs::get_CachePayloads()
Source: BootstrapperCore.dll.1.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheAcquireBeginEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheAcquireBeginEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.5.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadCompleteEventArgs.cs	Suspicious method names: System.Void Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadCompleteEventArgs::.ctor(System.String,System.String,System.Int32)
Source: BootstrapperCore.dll.5.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadCompleteEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadCompleteEventArgs::get_PayloadFileName()
Source: BootstrapperCore.dll.5.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadCompleteEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadCompleteEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.5.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadBeginEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadBeginEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.5.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadBeginEventArgs.cs	Suspicious method names: System.Void Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadBeginEventArgs::.ctor(System.String,System.String)
Source: BootstrapperCore.dll.5.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadBeginEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadBeginEventArgs::get_PayloadFileName()
Source: BootstrapperCore.dll.5.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheVerifyBeginEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheVerifyBeginEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.7.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheAcquireProgressEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheAcquireProgressEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.1.dr, Tools.WindowsInstallerXml/Bootstrapper/ResolveSourceEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.ResolveSourceEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.7.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadBeginEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadBeginEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.7.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadBeginEventArgs.cs	Suspicious method names: System.Void Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadBeginEventArgs::.ctor(System.String,System.String)
Source: BootstrapperCore.dll.7.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadBeginEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadBeginEventArgs::get_PayloadFileName()
Source: BootstrapperCore.dll.1.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheVerifyBeginEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheVerifyBeginEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.7.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheVerifyCompleteEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheVerifyCompleteEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.7.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheAcquireBeginEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheAcquireBeginEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.5.dr, Tools.WindowsInstallerXml/Bootstrapper/ResolveSourceEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.ResolveSourceEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.7.dr, Tools.WindowsInstallerXml/Bootstrapper/CachePackageBeginEventArgs.cs	Suspicious method names: System.Int64 Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CachePackageBeginEventArgs::get_CachePayloads()
Source: BootstrapperCore.dll.5.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheAcquireBeginEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheAcquireBeginEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.5.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheVerifyCompleteEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheVerifyCompleteEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.5.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheAcquireProgressEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheAcquireProgressEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.7.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadCompleteEventArgs.cs	Suspicious method names: System.Void Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadCompleteEventArgs::.ctor(System.String,System.String,System.Int32)
Source: BootstrapperCore.dll.7.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadCompleteEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadCompleteEventArgs::get_PayloadFileName()
Source: BootstrapperCore.dll.7.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadCompleteEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadCompleteEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.1.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheAcquireCompleteEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheAcquireCompleteEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.1.dr, Tools.WindowsInstallerXml/Bootstrapper/CachePackageBeginEventArgs.cs	Suspicious method names: System.Int64 Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CachePackageBeginEventArgs::get_CachePayloads()
Source: BootstrapperCore.dll.7.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheVerifyBeginEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheVerifyBeginEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.7.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheAcquireCompleteEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheAcquireCompleteEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.7.dr, Tools.WindowsInstallerXml/Bootstrapper/ResolveSourceEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.ResolveSourceEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.1.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadCompleteEventArgs.cs	Suspicious method names: System.Void Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadCompleteEventArgs::.ctor(System.String,System.String,System.Int32)
Source: BootstrapperCore.dll.1.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadCompleteEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadCompleteEventArgs::get_PayloadFileName()
Source: BootstrapperCore.dll.1.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadCompleteEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadCompleteEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.5.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheAcquireCompleteEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheAcquireCompleteEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.1.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheAcquireProgressEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheAcquireProgressEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.1.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheVerifyCompleteEventArgs.cs	Suspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheVerifyCompleteEventArgs::get_PayloadId()

Source: classification engine

Classification label: clean4.winEXE@9/153@0/0

Source: C:\Users\user\Desktop\IDSAUpdate.exe

File created: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\

Jump to behavior

Source: IDSAUpdate.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior

Source: C:\Users\user\Desktop\IDSAUpdate.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: IDSAUpdate.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: IDSAUpdate.exe	String found in binary or memory: bOriginalFilenameIntel-Driver-and-Support-Assistant-Installer.exedDProductNameIntel

Source: C:\Users\user\Desktop\IDSAUpdate.exe

File read: C:\Users\user\Desktop\IDSAUpdate.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\IDSAUpdate.exe 'C:\Users\user\Desktop\IDSAUpdate.exe' -install
Source: C:\Users\user\Desktop\IDSAUpdate.exe	Process created: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe 'C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe' -burn.clean.room='C:\Users\user\Desktop\IDSAUpdate.exe' -burn.filehandle.attached=496 -burn.filehandle.self=592 -install
Source: unknown	Process created: C:\Users\user\Desktop\IDSAUpdate.exe 'C:\Users\user\Desktop\IDSAUpdate.exe' /install
Source: C:\Users\user\Desktop\IDSAUpdate.exe	Process created: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe 'C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe' -burn.clean.room='C:\Users\user\Desktop\IDSAUpdate.exe' -burn.filehandle.attached=564 -burn.filehandle.self=596 /install
Source: unknown	Process created: C:\Users\user\Desktop\IDSAUpdate.exe 'C:\Users\user\Desktop\IDSAUpdate.exe' /load
Source: C:\Users\user\Desktop\IDSAUpdate.exe	Process created: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe 'C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe' -burn.clean.room='C:\Users\user\Desktop\IDSAUpdate.exe' -burn.filehandle.attached=564 -burn.filehandle.self=584 /load
Source: C:\Users\user\Desktop\IDSAUpdate.exe	Process created: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe 'C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe' -burn.clean.room='C:\Users\user\Desktop\IDSAUpdate.exe' -burn.filehandle.attached=496 -burn.filehandle.self=592 -install	Jump to behavior
Source: C:\Users\user\Desktop\IDSAUpdate.exe	Process created: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe 'C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe' -burn.clean.room='C:\Users\user\Desktop\IDSAUpdate.exe' -burn.filehandle.attached=564 -burn.filehandle.self=596 /install	Jump to behavior
Source: C:\Users\user\Desktop\IDSAUpdate.exe	Process created: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe 'C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe' -burn.clean.room='C:\Users\user\Desktop\IDSAUpdate.exe' -burn.filehandle.attached=564 -burn.filehandle.self=584 /load	Jump to behavior

Source: C:\Users\user\Desktop\IDSAUpdate.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: IDSAUpdate.exe

Static PE information: certificate valid

Source: IDSAUpdate.exe

Static file information: File size 5578512 > 1048576

Source: IDSAUpdate.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: IDSAUpdate.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: IDSAUpdate.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: IDSAUpdate.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: IDSAUpdate.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: IDSAUpdate.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: IDSAUpdate.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source: IDSAUpdate.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Users\lbugn\Documents\MVVMLight\GalaSoft.MvvmLight\GalaSoft.MvvmLight (PCL)\obj\Release\GalaSoft.MvvmLight.pdb source: GalaSoft.MvvmLight.dll.1.dr
Source:	Binary string: C:\Source\Repos\dsa-dev\Installers\BootstrapperCommonUI\obj\ProdRelease\BootstrapperCommonUI.pdbe! source: BootstrapperCommonUI.dll.5.dr
Source:	Binary string: C:\Users\lbugn\Documents\MVVMLight\GalaSoft.MvvmLight\GalaSoft.MvvmLight (PCL)\obj\Release\GalaSoft.MvvmLight.pdb\| source: GalaSoft.MvvmLight.dll.1.dr
Source:	Binary string: C:\Source\Repos\dsa-dev\Installers\BootstrapperCommonUI\obj\ProdRelease\BootstrapperCommonUI.pdb source: BootstrapperCommonUI.dll.5.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\mbahost.pdb source: mbahost.dll.5.dr
Source:	Binary string: C:\Source\Repos\dsa-dev\Installers\BootstrapperUpdateUI\obj\ProdRelease\BootstrapperUpdateUI.pdb5 source: BootstrapperUpdateUI.dll.5.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\burn.pdb source: IDSAUpdate.exe
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\core\BootstrapperCore.pdb source: BootstrapperCore.dll.5.dr
Source:	Binary string: C:\Source\Repos\dsa-dev\Installers\BootstrapperUpdateUI\obj\ProdRelease\BootstrapperUpdateUI.pdb source: BootstrapperUpdateUI.dll.5.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\WixStdBA.pdb source: mbapreq.dll.7.dr

Source: IDSAUpdate.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: IDSAUpdate.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: IDSAUpdate.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: IDSAUpdate.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: IDSAUpdate.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: IDSAUpdate.exe	Static PE information: real checksum: 0x55412a should be: 0x5582bd
Source: IDSAUpdate.exe.6.dr	Static PE information: real checksum: 0x55412a should be: 0x11844b
Source: IDSAUpdate.exe.0.dr	Static PE information: real checksum: 0x55412a should be: 0x11844b
Source: IDSAUpdate.exe.3.dr	Static PE information: real checksum: 0x55412a should be: 0x11844b

Source: IDSAUpdate.exe	Static PE information: section name: .wixburn
Source: IDSAUpdate.exe.0.dr	Static PE information: section name: .wixburn
Source: IDSAUpdate.exe.3.dr	Static PE information: section name: .wixburn
Source: IDSAUpdate.exe.6.dr	Static PE information: section name: .wixburn

Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\GalaSoft.MvvmLight.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\id\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperCommonUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperCore.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\vi\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\tr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\it\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\es\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\pt-BR\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\tr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\fr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\mbahost.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\pl\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\mbahost.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\zh-TW\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\id\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\pt-BR\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\ru\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\zh-CN\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\ja\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\zh-CN\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperCore.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\fr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\pl\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\it\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\th\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\vi\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\ko\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperUpdateUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\zh-TW\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\mbahost.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperCommonUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\ja\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IDSAUpdate.exe	File created: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\ko\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\vi\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\fr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\es\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\de\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\zh-CN\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\ru\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\GalaSoft.MvvmLight.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\th\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\mbapreq.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\de\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\th\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\GalaSoft.MvvmLight.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IDSAUpdate.exe	File created: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IDSAUpdate.exe	File created: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\de\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\ja\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\mbapreq.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\pt-BR\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\ru\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\mbapreq.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\es\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\zh-TW\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\id\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\ko\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\tr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperUpdateUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperCommonUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperUpdateUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperCore.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\pl\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\it\BootstrapperCommonUI.Resources.dll	Jump to dropped file

Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\GalaSoft.MvvmLight.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\id\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperCommonUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperCore.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\vi\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\tr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\it\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\es\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\pt-BR\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\tr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\fr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\mbahost.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\pl\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\mbahost.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\zh-TW\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\id\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\pt-BR\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\ru\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\zh-CN\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\ja\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\zh-CN\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperCore.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\fr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\pl\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\it\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\th\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\vi\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\ko\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperUpdateUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\zh-TW\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\mbahost.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperCommonUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\ja\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IDSAUpdate.exe	File created: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\ko\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\vi\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\fr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\es\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\de\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\zh-CN\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\ru\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\GalaSoft.MvvmLight.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\th\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\mbapreq.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\de\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\th\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\GalaSoft.MvvmLight.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IDSAUpdate.exe	File created: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IDSAUpdate.exe	File created: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\de\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\ja\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\mbapreq.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\pt-BR\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\ru\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\mbapreq.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\es\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\zh-TW\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\id\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\ko\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\tr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperUpdateUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperCommonUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperUpdateUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperCore.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\pl\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	File created: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\it\BootstrapperCommonUI.Resources.dll	Jump to dropped file

Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\id\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\GalaSoft.MvvmLight.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperCommonUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperCore.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\vi\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\tr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\it\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\es\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\pt-BR\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\tr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\fr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\pl\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\zh-TW\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\id\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\pt-BR\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\ru\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\zh-CN\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\ja\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\zh-CN\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperCore.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\fr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\pl\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\it\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\th\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\vi\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\ko\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperUpdateUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\zh-TW\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperCommonUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\ja\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\ko\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\vi\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\fr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\es\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\zh-CN\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\de\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\ru\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\GalaSoft.MvvmLight.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\th\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\mbapreq.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\de\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\th\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\GalaSoft.MvvmLight.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\de\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\ja\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\mbapreq.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\pt-BR\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\ru\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\mbapreq.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\es\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\zh-TW\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\id\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\ko\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\tr\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperUpdateUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperCommonUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperUpdateUI.dll	Jump to dropped file
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperCore.dll	Jump to dropped file
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\pl\BootstrapperCommonUI.Resources.dll	Jump to dropped file
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Dropped PE file which has not been started: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\it\BootstrapperCommonUI.Resources.dll	Jump to dropped file

Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Registry key enumerated: More than 299 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Registry key enumerated: More than 299 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Registry key enumerated: More than 299 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\IDSAUpdate.exe	Process created: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe 'C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe' -burn.clean.room='C:\Users\user\Desktop\IDSAUpdate.exe' -burn.filehandle.attached=496 -burn.filehandle.self=592 -install	Jump to behavior
Source: C:\Users\user\Desktop\IDSAUpdate.exe	Process created: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe 'C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe' -burn.clean.room='C:\Users\user\Desktop\IDSAUpdate.exe' -burn.filehandle.attached=564 -burn.filehandle.self=596 /install	Jump to behavior
Source: C:\Users\user\Desktop\IDSAUpdate.exe	Process created: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe 'C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe' -burn.clean.room='C:\Users\user\Desktop\IDSAUpdate.exe' -burn.filehandle.attached=564 -burn.filehandle.self=584 /load	Jump to behavior

Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperCore.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperUpdateUI.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperCommonUI.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\GalaSoft.MvvmLight.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ObjectModel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ObjectModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperCore.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperUpdateUI.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperCommonUI.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\GalaSoft.MvvmLight.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ObjectModel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ObjectModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperCore.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperUpdateUI.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperCommonUI.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\GalaSoft.MvvmLight.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ObjectModel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ObjectModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior

Source: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Command and Scripting Interpreter2	Path Interception	Process Injection11	Masquerading2	OS Credential Dumping	Query Registry1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Disable or Modify Tools1	LSASS Memory	Process Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection11	Security Account Manager	System Information Discovery22	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
IDSAUpdate.exe	3%	Virustotal		Browse
IDSAUpdate.exe	0%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Link
C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperCommonUI.dll	0%	ReversingLabs
C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperCore.dll	0%	Metadefender	Browse
C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperCore.dll	2%	ReversingLabs
C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperUpdateUI.dll	0%	ReversingLabs
C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\GalaSoft.MvvmLight.dll	0%	Metadefender	Browse
C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\GalaSoft.MvvmLight.dll	0%	ReversingLabs
C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\de\BootstrapperCommonUI.Resources.dll	0%	ReversingLabs
C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\es\BootstrapperCommonUI.Resources.dll	0%	ReversingLabs
C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\fr\BootstrapperCommonUI.Resources.dll	0%	ReversingLabs
C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\id\BootstrapperCommonUI.Resources.dll	0%	ReversingLabs
C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\it\BootstrapperCommonUI.Resources.dll	0%	ReversingLabs
C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\ja\BootstrapperCommonUI.Resources.dll	0%	ReversingLabs
C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\ko\BootstrapperCommonUI.Resources.dll	0%	ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://www.intel.com.tw/content/www/tw/zh/privacy/intel-privacy-notice.html	0%	Avira URL Cloud	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
https://www.intel.eu/content/www/eu/en/privacy/intel-privacy-notice.html	0%	Avira URL Cloud	safe
https://www.intel.nl/content/www/nl/nl/privacy/intel-privacy-notice.html	0%	Avira URL Cloud	safe
https://www.intel.com;	0%	Avira URL Cloud	safe
https://www.intel.com.br/content/www/br/pt/privacy/intel-privacy-notice.html	0%	Avira URL Cloud	safe
https://www.intel.com.tr/content/www/tr/tr/privacy/intel-privacy-notice.html	0%	Avira URL Cloud	safe
https://www.intel.com9	0%	Avira URL Cloud	safe
https://www.intel.co.kr/content/www/kr/ko/privacy/intel-privacy-notice.html	0%	Avira URL Cloud	safe
http://appsyndication.org/2006/appsynapplicationc:	0%	Avira URL Cloud	safe
https://www.intel.co.jp/content/www/jp/ja/privacy/intel-privacy-notice.html	0%	Avira URL Cloud	safe
https://intel.co.jp/privacy	0%	Avira URL Cloud	safe
https://sectigo.com/CPS0D	0%	URL Reputation	safe
https://sectigo.com/CPS0D	0%	URL Reputation	safe
https://sectigo.com/CPS0D	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
http://www.galasoft.ch4	0%	Avira URL Cloud	safe
https://www.intel.co.id/content/www/id/id/privacy/intel-privacy-notice.html	0%	Avira URL Cloud	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
http://www.galasoft.ch	0%	Avira URL Cloud	safe
http://www.galasoft.chN	0%	Avira URL Cloud	safe
https://www.intel.se/content/www/se/sv/privacy/intel-privacy-notice.html	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.intel.com	BootstrapperCommonUI.dll.5.dr	false		high
https://www.intel.com.tw/content/www/tw/zh/privacy/intel-privacy-notice.html	BootstrapperCommonUI.dll.5.dr	false	Avira URL Cloud: safe	unknown
http://ocsp.sectigo.com0	IDSAUpdate.exe	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.intel.com/content/www/tw/zh/privacy/intel-privacy-notice.html)	BootstrapperCommonUI.Resources.dll7.5.dr	false		high
http://wixtoolset.org/schemas/thmutil/2010	mbapreq.thm.1.dr	false		high
https://www.intel.com/content/www/it/it/privacy/intel-privacy-notice.html.	BootstrapperCommonUI.Resources.dll1.7.dr	false		high
https://www.intel.com/content/www/th/th/privacy/intel-privacy-notice.html	BootstrapperCommonUI.Resources.dll5.5.dr	false		high
https://www.intel.eu/content/www/eu/en/privacy/intel-privacy-notice.html	BootstrapperCommonUI.dll.5.dr	false	Avira URL Cloud: safe	unknown
https://www.intel.nl/content/www/nl/nl/privacy/intel-privacy-notice.html	BootstrapperCommonUI.dll.5.dr	false	Avira URL Cloud: safe	unknown
https://www.intel.com;	BootstrapperCommonUI.dll.5.dr	false	Avira URL Cloud: safe	low
https://www.intel.it/content/www/it/it/privacy/intel-privacy-notice.html	BootstrapperCommonUI.dll.5.dr	false		high
https://policy.system-usage-report.intel.com/faq/	BootstrapperCommonUI.dll.5.dr	false		high
http://wixtoolset.org/news/	BootstrapperCore.dll.5.dr	false		high
https://www.intel.com.br/content/www/br/pt/privacy/intel-privacy-notice.html	BootstrapperCommonUI.Resources.dll10.7.dr, BootstrapperCommonUI.dll.5.dr	false	Avira URL Cloud: safe	unknown
https://www.intel.com.tr/content/www/tr/tr/privacy/intel-privacy-notice.html	BootstrapperCommonUI.dll.5.dr	false	Avira URL Cloud: safe	unknown
https://www.intel.ru/content/www/ru/ru/privacy/intel-privacy-notice.html	BootstrapperCommonUI.dll.5.dr	false		high
https://www.intel.com/content/www/ru/ru/privacy/intel-privacy-notice.html	BootstrapperCommonUI.Resources.dll4.1.dr	false		high
http://wixtoolset.org/releases/SCreating	BootstrapperCore.dll.5.dr	false		high
https://www.intel.com9	BootstrapperCommonUI.dll.5.dr	false	Avira URL Cloud: safe	unknown
http://pki.intel.com/crl/IntelCA7B.crl0f	IDSAUpdate.exe	false		high
https://www.intel.co.kr/content/www/kr/ko/privacy/intel-privacy-notice.html	BootstrapperCommonUI.Resources.dll13.5.dr, BootstrapperCommonUI.dll.5.dr	false	Avira URL Cloud: safe	unknown
https://www.intel.cn/content/www/cn/zh/privacy/intel-privacy-notice.html	BootstrapperCommonUI.dll.5.dr	false		high
http://appsyndication.org/2006/appsynapplicationc:	IDSAUpdate.exe	false	Avira URL Cloud: safe	unknown
http://wixtoolset.org	BootstrapperCore.dll.5.dr	false		high
https://www.intel.co.jp/content/www/jp/ja/privacy/intel-privacy-notice.html	BootstrapperCommonUI.Resources.dll2.1.dr	false	Avira URL Cloud: safe	unknown
https://policy.system-usage-report.intel.com/faq/.	BootstrapperCommonUI.dll.5.dr	false		high
https://www.intel.es/content/www/es/es/privacy/intel-privacy-notice.html	BootstrapperCommonUI.dll.5.dr	false		high
https://www.intel.com/content/www/vn/vi/privacy/intel-privacy-notice.html	BootstrapperCommonUI.Resources.dll6.1.dr	false		high
https://intel.co.jp/privacy	BootstrapperCommonUI.dll.5.dr	false	Avira URL Cloud: safe	unknown
https://sectigo.com/CPS0D	IDSAUpdate.exe	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.intel.com/privacy	BootstrapperCommonUI.dll.5.dr	false		high
https://www.intel.de/content/www/de/de/privacy/intel-privacy-notice.html	BootstrapperCommonUI.dll.5.dr, BootstrapperCommonUI.Resources.dll8.5.dr	false		high
https://policy.system-usage-report.intel.com/faq/)	BootstrapperCommonUI.dll.5.dr	false		high
https://www.intel.com/content/www/cn/zh/privacy/intel-privacy-notice.html	BootstrapperCommonUI.Resources.dll12.1.dr	false		high
https://www.thailand.intel.com/content/www/th/th/privacy/intel-privacy-notice.html	BootstrapperCommonUI.dll.5.dr	false		high
http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v	BootstrapperCore.dll.5.dr	false		high
https://intel.com/privacy	BootstrapperCommonUI.dll.5.dr	false		high
https://www.intel.pl/content/www/pl/pl/privacy/intel-privacy-notice.html	BootstrapperCommonUI.dll.5.dr	false		high
https://www.intel.la/content/www/xl/es/privacy/intel-privacy-notice.html	BootstrapperCommonUI.Resources.dll.5.dr	false		high
http://pki.intel.com/crt/IntelCA7B.crt0	IDSAUpdate.exe	false		high
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	IDSAUpdate.exe	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.galasoft.ch4	GalaSoft.MvvmLight.dll.1.dr	false	Avira URL Cloud: safe	unknown
https://www.intel.co.id/content/www/id/id/privacy/intel-privacy-notice.html	BootstrapperCommonUI.Resources.dll0.1.dr	false	Avira URL Cloud: safe	unknown
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	IDSAUpdate.exe	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.intel.fr/content/www/fr/fr/privacy/intel-privacy-notice.html	BootstrapperCommonUI.dll.5.dr, BootstrapperCommonUI.Resources.dll9.1.dr	false		high
http://www.galasoft.ch	GalaSoft.MvvmLight.dll.1.dr	false	Avira URL Cloud: safe	unknown
http://www.galasoft.chN	GalaSoft.MvvmLight.dll.1.dr	false	Avira URL Cloud: safe	unknown
https://www.intel.se/content/www/se/sv/privacy/intel-privacy-notice.html	BootstrapperCommonUI.dll.5.dr	false	Avira URL Cloud: safe	unknown
https://www.intel.com/content/www/pl/pl/privacy/intel-privacy-notice.html	BootstrapperCommonUI.Resources.dll11.5.dr	false		high
https://www.intel.pl/content/www/pl/pl/privacy/intel-privacy-notice.html.	BootstrapperCommonUI.Resources.dll3.5.dr	false		high
http://OCSP.intel.com/0	IDSAUpdate.exe	false		high

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	384487
Start date:	09.04.2021
Start time:	10:18:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	IDSAUpdate.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Cmdline fuzzy
Number of analysed new started processes analysed:	35
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean4.winEXE@9/153@0/0
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, conhost.exe, SgrmBroker.exe, svchost.exe Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperCore.dll	PDFCreator-4_0_3-Setup.exe	Get hash	malicious	Browse
C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\GalaSoft.MvvmLight.dll	RFLinkClient-2.30.0.29010.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\Intel _Driver_&_Support_Assistant_20210409101848.log Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2711
Entropy (8bit):	5.343096865986962
Encrypted:	false
SSDEEP:	48:2cguS7iNuaiHn6SV+7bEqygIzPsHUG8JFhT:bgXHn1Qy+UGY/
MD5:	24D984C823CCEEFADB56738FEC71A37F
SHA1:	F26CFB18BF597D369F5732576A1F19BB73B0C5C9
SHA-256:	3D70DC23A10FAB9BDBF8372E4E10088CC44F004BD3B8253F029C8039320B6C13
SHA-512:	3C28122E3A2C9A73C9797ACAAC2601E5AE80CFA9E0FD03DE1D9AE2F10945D0C5975E55CE5C0DF01FFC624BFAFF61E62D1E68E40A9A49378E3E19D757D3F27EBE
Malicious:	false
Reputation:	low
Preview:	[1830:1834][2021-04-09T10:18:48]i001: Burn v3.11.2.4516, Windows v10.0 (Build 17134: Service Pack 0), path: C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe..[1830:1834][2021-04-09T10:18:48]i000: Initializing string variable 'IsLTSC' to value 'false'..[1830:1834][2021-04-09T10:18:48]i000: Initializing version variable 'VCRedist2015' to value '14.0.24215'..[1830:1834][2021-04-09T10:18:48]i009: Command Line: '-burn.clean.room=C:\Users\user\Desktop\IDSAUpdate.exe -burn.filehandle.attached=496 -burn.filehandle.self=592 -install'..[1830:1834][2021-04-09T10:18:48]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\Desktop\IDSAUpdate.exe'..[1830:1834][2021-04-09T10:18:48]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\Desktop\'..[1830:1834][2021-04-09T10:18:48]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\Intel._Driver_&_Support_Assistant_20210409101848

C:\Users\user\AppData\Local\Temp\Intel _Driver_&_Support_Assistant_20210409101851.log Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2711
Entropy (8bit):	5.377909022153448
Encrypted:	false
SSDEEP:	48:8cgDNMaiH5nISr+1bEIxoI1P26otoUX8JF1vt:1gwHJTqR9otoUXYDF
MD5:	FDA8A33D5FE360C35F1ABFE01A82D7B8
SHA1:	600150EC0AD004BB149B14F7FF9213EF8490F2BF
SHA-256:	E04962787138E90FA39221E66FBFCD28C7DF921AFA06E6B71C1456B6C308115B
SHA-512:	A6C69FD45C33581AE8AFEAEC3C5A71E5BDCECA71313D8B0FD76C6BEAFCB0CD96243546A870D321278E4CC3F332827CD601E5C0D592E4BA7ED7D014333F44E767
Malicious:	false
Reputation:	low
Preview:	[18DC:18E0][2021-04-09T10:18:51]i001: Burn v3.11.2.4516, Windows v10.0 (Build 17134: Service Pack 0), path: C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe..[18DC:18E0][2021-04-09T10:18:51]i000: Initializing string variable 'IsLTSC' to value 'false'..[18DC:18E0][2021-04-09T10:18:51]i000: Initializing version variable 'VCRedist2015' to value '14.0.24215'..[18DC:18E0][2021-04-09T10:18:51]i009: Command Line: '-burn.clean.room=C:\Users\user\Desktop\IDSAUpdate.exe -burn.filehandle.attached=564 -burn.filehandle.self=596 /install'..[18DC:18E0][2021-04-09T10:18:51]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\Desktop\IDSAUpdate.exe'..[18DC:18E0][2021-04-09T10:18:51]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\Desktop\'..[18DC:18E0][2021-04-09T10:18:51]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\Intel._Driver_&_Support_Assistant_20210409101851

C:\Users\user\AppData\Local\Temp\Intel _Driver_&_Support_Assistant_20210409101855.log Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2708
Entropy (8bit):	5.357505200980612
Encrypted:	false
SSDEEP:	48:kcgkvMNN9MaiHA8A3SB93+p3bFy383zTN4AI0PJl5N8JFqNV:dgdsHA8LBYL665NYUV
MD5:	8E285235640F342083EAA4BC6AB1650F
SHA1:	9947BEA285583A627BADAB2816ED5A4859B46000
SHA-256:	13796F4A4DFA1AD4872E97C26EC7A4E1007A8E274B2B5BAB211471BE400302EB
SHA-512:	3D451C10AFAE8C896A9B1B638BC0BBE6812238720E68B78152B8EFE49FA7DED1D82DBBF637CE76EF9E5ACAA1E973E54254433FEAE89646083835E62F9C12EA0C
Malicious:	false
Reputation:	low
Preview:	[1964:1968][2021-04-09T10:18:55]i001: Burn v3.11.2.4516, Windows v10.0 (Build 17134: Service Pack 0), path: C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe..[1964:1968][2021-04-09T10:18:55]i000: Initializing string variable 'IsLTSC' to value 'false'..[1964:1968][2021-04-09T10:18:55]i000: Initializing version variable 'VCRedist2015' to value '14.0.24215'..[1964:1968][2021-04-09T10:18:55]i009: Command Line: '-burn.clean.room=C:\Users\user\Desktop\IDSAUpdate.exe -burn.filehandle.attached=564 -burn.filehandle.self=584 /load'..[1964:1968][2021-04-09T10:18:55]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\Desktop\IDSAUpdate.exe'..[1964:1968][2021-04-09T10:18:55]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\Desktop\'..[1964:1968][2021-04-09T10:18:55]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\Intel._Driver_&_Support_Assistant_20210409101855.lo

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1028\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2025
Entropy (8bit):	6.231406644010833
Encrypted:	false
SSDEEP:	48:cxX7DTAT8tMBCus9T3FVWmHdniarRFeOrw8Nhv2VyfN3mKNWFP44SBWWW1GyfiPq:8L4T2RJhfHP8+VYuTmQUc2mE
MD5:	1D4B831F77EFEC96FFBC70BC4B59B8B5
SHA1:	1B3ED82655AEC8A52DAEC60F8674BC7E07F8CFEB
SHA-256:	1B93556F07C35AC0564D57E0743CCBA231950962C6506C8D4A74A31CD66FD04C
SHA-512:	C6CCB188281F161DEBF02DCDDE24B77D8D14943DEED8852E77E5AFB18F3F62683AB1AE06DCEB1E09D53804A76DF6400A360712D8E7E228B7F971054BB4FB2496
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="zh-tw" Language="1028" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName] ...... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/passive \| /quiet - ...... UI ............ UI ... ........... UI ........../norestart - ................UI ............./log log.txt - ............ %TEMP% ......</String>.. <Stri

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1029\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2458
Entropy (8bit):	5.36165936198009
Encrypted:	false
SSDEEP:	48:cxX7DTZT8u9cktosM6re4mSTcIIyfI7sh/DMNwIHWAoN3mepNRfKPnWZ0hqAQZfC:8LxTK23f33AwIViRrRynRuZfiMS
MD5:	CC8C6D04DC707B38E0F0C08BA16FE49B
SHA1:	95EA7F570677AEA52393D02FDB21CEBB218A7343
SHA-256:	DC445E2457ED31ABF536871F90FF7CC96800A40B6BC033F37D45E3156A3B4FA9
SHA-512:	A4B19EBC8BB0D88ABA7D3D5783E28F8B6E0960582A540059BC71076B1203BF43BCA15EA726272D15395C7B4E431046ADA1CBB9D55072BBC5DBE7729C4599F0E0
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="cs-cz" Language="1029" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalace produktu [WixBundleName]</String>.. <String Id="Title">Pro instalaci produktu [WixBundleName] je vy.adov.no rozhran. Microsoft .NET Framework.</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da k instalaci</String>.. <String Id="HelpText">/passive \| /quiet - Zobraz. minim.ln. u.ivatelsk. rozhran. bez jak.chkoli.. v.zev, nebo nezobraz. ..dn. u.ivatelsk. rozhran. ani ..dn. v.zvy. Ve v.choz.m.. nastaven. se jak u.ivatelsk. rozhran., tak i v.echny v.zvy zobrazuj....../norestart - Potla.. jak.koli p

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1030\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2286
Entropy (8bit):	5.061915970731254
Encrypted:	false
SSDEEP:	48:cxX7DCrT81tbzjamsjFq7LhzqGgdRDJNbqoN3mpN+ELPnfyOwYxPyzraXnAF:8LaTOkaEOiGd/BwF
MD5:	7C6E4CE87870B3B5E71D3EF4555500F8
SHA1:	E831E8978A48BEAFA04AAD52A564B7EADED4311D
SHA-256:	CAC263E0E90A4087446A290055257B1C39F17E11F065598CB2286DF4332C7696
SHA-512:	2A02415A3E5F073F4530FD87C97B685D95B8C0E1B15EFD185CC5CB046FCF1D0DCE28DB9889AD52588B96FE01841A7A61F6B7D6D2F669EAB10A8926C46B8E93D1
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="da-dk" Language="1030" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installation af [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework skal v.re installeret i forbindelse med Installationen af [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Er du sikker p., at du vil annullere?</String>.. <String Id="HelpHeader">Hj.lp til installation</String>.. <String Id="HelpText">/passive \| /quiet - viser en minimal brugergr.nseflade uden prompter eller.. viser ingen brugergr.nseflade og ingen prompter... Brugergr.nsefladen og alle prompter vises som standard...../norestart - skjuler fors.g p. genstart. Der vises som standard en.. foresp.rgse

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1031\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2442
Entropy (8bit):	5.094465051245675
Encrypted:	false
SSDEEP:	48:cxX7DASTcCwit/soJy9hkVByUZN+29N3mfN65PS9CvZwZi7uuASD:8LxT8itGeVB97+gyC9BdaSD
MD5:	C8E7E0B4E63B3076047B7F49C76D56E1
SHA1:	4E44E656A0D552B2FFD65911CB45245364E5DBF3
SHA-256:	631D46CB048FB6CF0B9A1362F8E5A1854C46E9525A0260C7841A04B2316C8295
SHA-512:	FD7E8896F9414F0DB7A88F926F55EE24E0591DA676F330200BC6BB829EB32648D90D3094E0011BFE36C7BA8BE41DFD74B12D444AFEA0D2866801258DA4FA16E8
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="de-de" Language="1031" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <UI Control="InstallButton" Width="180" />.. .. <String Id="Caption">[WixBundleName]-Setup</String>.. <String Id="Title">F.r das [WixBundleName]-Setup ist Microsoft .NET Framework erforderlich.</String>.. <String Id="ConfirmCancelMessage">Sind Sie sicher, dass Sie den Vorgang abbrechen m.chten?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/passive \| /quiet - zeigt eine minimale Benutzeroberfl.che ohne.. Eingabeaufforderungen oder keine Benutzeroberfl.che und keine.. Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und.. alle Eingabeaufforderungen angezeigt...../no

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1032\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3400
Entropy (8bit):	5.279888750092028
Encrypted:	false
SSDEEP:	48:cxX7D8jVT8dUk9Ug/usOo2pNSBIbESvR2drdESPzghC76DeN2hL0eLoN3mOLSNIx:8L45TCyop5riGzH7xgJit8IqSsBwqk
MD5:	074D5921AF07E6126049CB45814246ED
SHA1:	91D4BDDA8D2B703879CFE2C28550E0A46074FA57
SHA-256:	B8E90E20EDF110AAAAEA54FBC8533872831777BE5589E380CFDD17E1F93147B5
SHA-512:	28DAC36516BCC76BCC598C6E7ABDE359695F85AB7A830D6ADBC844EB240D9FA372CB5A5CE4DBE21E250408C6B246D371D3CDD656D2178FB0EC22DAC7D39CBD9F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="el-gr" Language="1032" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">........... ... [WixBundleName]</String>.. <String Id="Title">... ... ........... ... [WixBundleName] .......... .. Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">..... ....... ... ...... .. ..... .......;</String>.. <String Id="HelpHeader">....... ... ... ...........</String>.. <String Id="HelpText">/passive \| /quiet - ......... ........ ........... ... ............. .......... ...... ..... ........ . ... ..

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1035\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2235
Entropy (8bit):	5.142592159444541
Encrypted:	false
SSDEEP:	48:cxX7DE+T8Z+bm5snwETMAoQEATN27uNBDReq4N3mJeNHNP64NsFKJJem4vyAs:8LZTDkZ7+2IBCht6J8neHs
MD5:	E338408F1101499EB22507A3451F7B06
SHA1:	83B42F9D7307265A108FC339D0460D36B66A8B94
SHA-256:	B7D9528F29761C82C3D926EFE5E0D5036A0E0D83EB4CCA7282846C86A9D6F9F3
SHA-512:	F7BE923DC2856E0941D0669E2DE5A5C307C98DC7EBA0A1B68728EB29C95B4625145C2AD3AC6F6B6D82F062887EA349E2187F1F91785DDE5A5083BC1150E56326
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="fi-fi" Language="1035" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] -asennus</String>.. <String Id="Title">Microsoft .NET Framework tarvitaan [WixBundleName] -asennusta varten</String>.. <String Id="ConfirmCancelMessage">Haluatko varmasti peruuttaa?</String>.. <String Id="HelpHeader">Asennusohjelman ohje</String>.. <String Id="HelpText">/passive \| /quiet - n.ytt.. mahdollisimman v.h.n k.ytt.liittym.st.; ei.. kehotteita tai ei k.ytt.liittym.. ja kehotteita. Oletusarvoisesti.. k.ytt.liittym. ja kaikki kehotteet n.ytet..n...../norestart - est.. uudelleenk.ynnistysyritykset. Oletusarvoisesti.. k.ytt.liittym. kysyy ennen uudelleenk.yn

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1036\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2306
Entropy (8bit):	5.076293283609686
Encrypted:	false
SSDEEP:	48:cxX7DyBT81BbKBswAL1xV1wjRcDSNwDXoN3mSZfNhkLPkQpznsdMEodAY:8LwTK5KHsijmEXY
MD5:	AA32A059AADD42431F7837CB1BE7257F
SHA1:	4CD21661E341080FB8C2DEFD9F32F134561FC3BA
SHA-256:	88E7DDACD6B714D94D5322876BD50051479B7A0C686DC2E9EB06B3B7A0BC06C9
SHA-512:	78E201F369E65535E25722DFC0EFE99EDF641F7C14EFF1526DC1CC047FF11640079F1E3D25C9072CF25F4804195891BE006FC5ED313063AFCB91FB5700120B88
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="fr-fr" Language="1036" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework requis pour l'installation de [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.tes-vous s.r de vouloir annuler.?</String>.. <String Id="HelpHeader">Aide de l'installation</String>.. <String Id="HelpText">/passive \| /quiet - affiche une interface minimale sans invites ou n'affiche.. aucune interface ni aucune invite. Par d.faut, l'interface et toutes les.. invites sont affich.es...../norestart - annule toute tentative de red.marrage. Par d.faut, l'interface.. affiche une invite avant de red.marrer..

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1038\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2392
Entropy (8bit):	5.293225307744296
Encrypted:	false
SSDEEP:	48:cxX7DwzT8cSwvs48mF7GD/g1v0wH7N3wwJxL99oN3m/ZNRUYPBZRT1XESW3o/ULG:8LQT2wpFGbgT3wMN2QRj/y/LKr
MD5:	17FB605A2F02DA203DF06F714D1CC6DE
SHA1:	3A71D13D4CCA06116B111625C90DD1C451EA9228
SHA-256:	55CF62D54EFB79801A9D94B24B3C9BA221C2465417A068950D40A67C52BA66EF
SHA-512:	D05008D37143A1CC031F4B6268490A5A10FBB686C86984D20DB94843BDC4624EF9651D158DCB5B660FC239C3C3E8D087EB5D23FFFB8C4681910CBC376148F0F0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="hu-hu" Language="1038" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] telep.t.</String>.. <String Id="Title">A(z) [WixBundleName] telep.t.s.hez Microsoft .NET-keretrendszer sz.ks.ges</String>.. <String Id="ConfirmCancelMessage">Biztosan megszak.tja?</String>.. <String Id="HelpHeader">A telep.t. s.g.ja</String>.. <String Id="HelpText">/passive \| /quiet - Minim.lis felhaszn.l.i fel.let megjelen.t.se k.rd.sek.. n.lk.l, illetve felhaszn.l.i fel.let .s k.rd.sek megjelen.t.se n.lk.li.. telep.t.s. Alapesetben a felhaszn.l.i fel.let .s minden k.rd.s megjelenik...../norestart - Az .jraind.t.si k.r.sek elrejt.se. Alapeset

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1040\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2304
Entropy (8bit):	4.985260685429469
Encrypted:	false
SSDEEP:	48:cxX7DQyT81ebRcesyB+lY25ukVpkXJM2DJNXhpXZoN3mMhNTM+POYO/n1YxXlcI5:8LFTzLtkfwWKXHZi37MIDp
MD5:	50261379B89457B1980FF19CFABE6A08
SHA1:	F80B1F416539D33206CE3C24BA3B14B799A84813
SHA-256:	A40C94EB33F8841C79E9F6958433AFFD517F97B4570F731666AF572E63178BB7
SHA-512:	BBD9794181EEC95D6BE7A1B7BA83FD61AF2B2DF61D9DA8DDA2788B61BEC53C30FCEFE5222EDF134166532B36D3AB6CE8996F2D670DC6907C1864AF881A21EA40
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="it-it" Language="1040" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework necessario per l'installazione di [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida dell'installazione</String>.. <String Id="HelpText">/passive \| /quiet - visualizza l'interfaccia utente minima senza istruzioni.. oppure non visualizza n. l'interfaccia utente n. le istruzioni. Per.. impostazione predefinita vengono visualizzate interfaccia utente e.. istruzioni...../norestart - elimina eventuali tentativi di riavvio. Per impostazione.. predefinita l'int

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1041\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2545
Entropy (8bit):	5.923292576429967
Encrypted:	false
SSDEEP:	48:cxX7DpcYT86WyscLpTIFw6tnOUjsj/D3NIgHcQN3mKN/WPOhT0SXsDay+z8QZEcE:8L1TccOFw6tnOUjsjpICnlOO934apWz
MD5:	DB0F5BAB42403FD67C0A18E35E6880EC
SHA1:	C0A18C8C5BCD7B88C384B5304B56EEB85A0DA3DC
SHA-256:	CCDCDB111EFA152C5F9FF4930033698B843390A549699AE802098D87431F16FE
SHA-512:	589522BD4A26BF54CCF3564E392E41BBBA4E7B3FD1ED74E7F4F6AD6F2E65CDE11FFF32D0C5F3BCD09052FE5110FDC361D1926E220FD0BAD2D38CAC21BBE93211
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="ja-jp" Language="1041" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ......</String>.. <String Id="Title">[WixBundleName] ........ Microsoft .NET Framework .....</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/passive \| /quiet - ... UI ....................UI.. .............. .....UI ....................../norestart - ........................

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1042\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2236
Entropy (8bit):	5.97627825234954
Encrypted:	false
SSDEEP:	48:cxX7D3sT8ZeusKOwOWGyKCstFmhENI2Y+kN3mp4iNmi6IPa0dDaoIunvZqIHU5UH:8LQTXvRFhIzl44wmgko04U5TY
MD5:	442F8463EF5CA42B99B2EFACA696BD01
SHA1:	67496DB91CBAA85AC0727B12FC2D35E990537DAC
SHA-256:	D22F6ADA97DBFFC1E7548E52163807F982B30B11A2A5109E71F42985102CCCBD
SHA-512:	A350EAF9E7AEAFAB1163D7C0B8D014AFE07EE98BAE3915CBDD3C26282E345A0838E853C89BAE8943474758DCBCFD0BB0724A0C75CBF969F321FAB4944E8704FD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="ko-kr" Language="1042" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ..</String>.. <String Id="Title">[WixBundleName] ... ... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/passive \| /quiet - ... .. .. UI. ..... UI. .... .... .... ..... ..... UI . .. .... ........../norestart - .. ..... ... ...... ..... UI. .. .... .. .... ......../log log.txt - .

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1043\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2312
Entropy (8bit):	4.965432037520827
Encrypted:	false
SSDEEP:	48:cxX7DK1T8u7hbU7Asd7MqpSwzCcHGFN9OsNN3mvoNBC7hPFtO7+xw7t0Yza2Al:8LcTtpGLFSwJHmPnnKhEBtsl
MD5:	67F28BCDB3BA6774CD66AA198B06FF38
SHA1:	85D843B7248A5E1173FF9BD59CB73BB505F69B66
SHA-256:	226B778604236931B4AE45F6F272586C884A11517444A34BF45CD5CAE49BE62E
SHA-512:	7BC7D3E6E19ECF865B2CABFC46C75D516561D5A8A81A8ED55B4EDBA41A13A7110F474473740200AFB035B9597A2511D08C2A2E7A9ADE2C2AB4D3F168944B8328
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="nl-nl" Language="1043" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Installatie</String>.. <String Id="Title">Microsoft .NET Framework is vereist voor installatie [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Weet u zeker dat u de installatie wilt annuleren?</String>.. <String Id="HelpHeader">Help bij Setup</String>.. <String Id="HelpText">/passive \| /quiet - geeft een minimale gebruikersinterface weer zonder prompts.. of geeft geen gebruikersinterface en geen prompts weer. Gebruikersinterface.. en alle prompts worden standaard weergegeven...../norestart - pogingen tot opnieuw opstarten onderdrukken... Gebruikersinterface vraagt standaard al

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1044\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2171
Entropy (8bit):	5.089922193759582
Encrypted:	false
SSDEEP:	48:cxX7DTeT8uUbnFdsLnFHv+Gpm1qL5DQNDDaoN3mpZfN15dPnfuOOg5wZ5uAq8fAS:8L+Tec1x8Siule4S
MD5:	5454F724C9CDAB8172678A1CC7057220
SHA1:	241A57018ACE1210881583A9CF646E7D2E51412F
SHA-256:	41545AC1247B61C3C3E2A7E4659D9FAD2BCCA8347C69F2EB7B9D0CF5FC31E113
SHA-512:	40E311EADA299996E32A7D35223CA678A03C869D63C023D59BC97A7B2049B0252AA9D0A7EC8558D5ACB73BD14C7BFA913097E65ABEE7455658DB7E35BBDA8AE1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="nb-no" Language="1044" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Installasjonsprogram</String>.. <String Id="Title">Microsoft .NET Framework kreves for [WixBundleName]-installasjon</String>.. <String Id="ConfirmCancelMessage">Er du sikker p. at du vil avbryte?</String>.. <String Id="HelpHeader">Installasjonshjelp</String>.. <String Id="HelpText">/passive \| /quiet - viser minimalt brukergrensesnitt uten ledetekster, eller.. ikke noe brukergrensesnitt og ingen ledetekster. Som standard vises.. brukergrensesnitt og alle ledetekster...../norestart - undertrykker alle fors.k p. omstart. Som standard sp.r.. brukergrensesnittet f.r omstart.../log log.txt

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1045\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2368
Entropy (8bit):	5.270514043715206
Encrypted:	false
SSDEEP:	48:cxX7Du4OT82gXusarwkfpYrKD8DTNkbNuoN3mjbsNniIPh8ynN1NYd4iYuffAL:8LKTsXgpYr2IyoiiOffpT3L
MD5:	96ACAAA5AEF7798E9048BAFF4C3FA8D3
SHA1:	E76629973F6C1CFC06F60BA64FE9F237B2DB9698
SHA-256:	F4AA983E39FB29C95E3306082F034B3A43E1D26489C997B8E6697B6A3B2F9F3C
SHA-512:	964F73E572BDCB1AD946C770E6A2FB4A1CE54AF4B5BB072F64256083BA27A223F4DAD4A95B9D2A646180806D1F977726147970B06AAC35EED75AEC6CA89ED337
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="pl-pl" Language="1045" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalator programu [WixBundleName]</String>.. <String Id="Title">Do zainstalowania programu [WixBundleName] jest wymagany program Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Pomoc instalatora</String>.. <String Id="HelpText">/passive \| /quiet - wy.wietla minimalny interfejs u.ytkownika bez monit.w.. lub nie wy.wietla interfejsu u.ytkownika ani monit.w. Domy.lnie jest.. wy.wietlany interfejs u.ytkownika i wszystkie monity...../norestart - pomija wszelkie pr.by ponownego uruchomienia. Domy.lnie.. interf

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1046\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2147
Entropy (8bit):	5.130635342194656
Encrypted:	false
SSDEEP:	48:cxX7DuoT85b0s/4TDoYDj4NF5j2hN3mMNYskPDXKIMaKcP9A5g:8L1TmBHjs59M8r6
MD5:	BD39ADB6B872163FD2D570028E9F3213
SHA1:	688B8A109688D3EA483548F29DE2E57A8A56C868
SHA-256:	ECB5C22E6C2423CAF07AEBE69F4FAF22450164EEE9587B64EF45A2D7F658CA15
SHA-512:	F2826BE203E767D09FF0D7677E1CF5B13113B773D529166DAE02A1F5DB2DC58E0856A34901DF70011EBABB6E964FAB7ACF38590E650BD629D4E4DC4CB36C8D45
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="pt-br" Language="1046" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">Microsoft .NET Framework . necess.rio para instala..o do [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/passive \| /quiet - exibe UI m.nima sem avisos ou exibe sem UI e.. sem avisos. Por padr.o a UI e todos avisos s.o exibidos...../norestart - suprime qualquer tentativa de reinicializa..o. Por padr.o a UI.. ir. solicitar antes de reiniciar.../log log.txt - logs para um arquivo espec.fico. Por padr.

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1049\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2880
Entropy (8bit):	5.408094213063887
Encrypted:	false
SSDEEP:	48:cxX7DkTT8fjtEeusogrohY2Ar7DHNnjTh53oN3miRMNKrdPin+/uYcbSkuEIcOvG:8LYT8EeHMMJRNi1Ruwi3OwL
MD5:	DAF167AF4031EF47E562056A7D51AA73
SHA1:	0156B230CADD6169AC2820865E3C031ED79785EF
SHA-256:	C91C9E87AB4A6DB078F1991F4A2CDC726B58A40E47BCE49D39168A8F8F151C3B
SHA-512:	5E87EE3838E3595ADBD7EABA6E3E33CDFEA5E15ED716FBCCDBD55235B3E53E1E41EA5A907F425E96C35167543C7F75AC5214B5AEE177D299FC2464A68B22851E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="ru-ru" Language="1049" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">......... [WixBundleName]</String>.. <String Id="Title">... ......... [WixBundleName] ......... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.. ............. ...... ........ ........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/passive \| /quiet - ........... ............ .. ... ........ ... ...... ... .. .. . ............ .. ......... ............ .. . ... ......

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1051\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2334
Entropy (8bit):	5.397882326481071
Encrypted:	false
SSDEEP:	48:cxX7D+cT8muPusz2qs1u+Vh1TqDINHZJoN3m8fN0vPp3OAwa2ywSODAm:8L1TuPdKNzfifFmcatm
MD5:	016C278E515F87F589AD22C856B201F7
SHA1:	F20C7DB38B3161B143DEC4E578CE71D7F585F436
SHA-256:	4A7FDF4A9033FE05C31F565ED3AE5B8C67D324B7AEADB737CE95DBB416D46868
SHA-512:	310C85B27E1ECF4C6729E88051037150CFBA0234A0138666C26662B3D665FF38B74E95ABCADDEEF6CBEBB23E3357FAC487E6EE5EB8FE158C269D77672191B042
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="sk-sk" Language="1051" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] . in.tal.cia</String>.. <String Id="Title">Na in.tal.ciu aplik.cie [WixBundleName] sa vy.aduje s..as. Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">Naozaj chcete zru.i. oper.ciu?</String>.. <String Id="HelpHeader">Pomocn.k pre in.tal.ciu</String>.. <String Id="HelpText">/passive \| /quiet . zobraz. minim.lne pou..vate.sk. rozhranie bez v.ziev alebo.. nezobraz. .iadne pou..vate.sk. rozhranie ani v.zvy. Predvolene sa.. zobrazuje pou..vate.sk. rozhranie aj v.etky v.zvy...../norestart . zru.. v.etky pokusy o re.tart. Pou..vate

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1053\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2132
Entropy (8bit):	5.1255014007111495
Encrypted:	false
SSDEEP:	48:cxX7DviT8NFLbu9sM2vECjf26axBZYXcqADCNKTbkoN3maT6NWOjEXPauOOKYnhf:8LmTAcRnQXFPK0iHMsfb2Ws3M
MD5:	D95E81164C57B6FD75E7C3022454192E
SHA1:	5D5ACBC56E7078AF4D04C45B78C0FF090C02EE6A
SHA-256:	6DD61CC6B87B53EAF28430068A2A459730FD4B2BCF876CCDF040212D04C4FE7D
SHA-512:	9E4BA81A145574818DD6A1F1D0EC38EA1629C7771919C35923F440E31EA9912E1630D94FCDB82B71104EBD61D0321DCDF935BA20D69988EE6E9B22259186AF0C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="sv-se" Language="1053" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName]-installation</String>.. <String Id="Title">Microsoft .NET Framework kr.vs f.r installation av [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Vill du avbryta?</String>.. <String Id="HelpHeader">Installationshj.lp</String>.. <String Id="HelpText">/passive \| /quiet - visar ett minimalt anv.ndargr.nssnitt utan prompter,.. alternativt inget anv.ndargr.nssnitt och inga prompter. Som standard visas.. anv.ndargr.nssnitt och samtliga prompter...../norestart - hejdar omstart. Som standard visar anv.ndargr.nssnittet en.. prompt f.re omstart.../log log.txt - skapar logg till

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1055\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2303
Entropy (8bit):	5.2754753523795275
Encrypted:	false
SSDEEP:	48:cxX7DNcYT8anOSMsHEqGpcBztpvrJlrs2ZmNI2+Yo6irN3m22NFcPc+4Trzrdgc7:8LZHTE7APaTI9sq6yEbgg
MD5:	01B200E06BA600A4EF00C00F7AAC5CE4
SHA1:	22234426C42637E069A46217019551E4434A4AB6
SHA-256:	06BFB6DFBC38105C699DEA226A029DF3EF673C33E4B8928DC4EC7FB8F761487D
SHA-512:	8BDCF7533A6BCFA231B42A7EF845A70C7535FBF607D62FF6404928D5941BA6AFBF139450A1A1B58C65FACF88DC0785AEC4ABEFBCC803466A58B1930F7C468CDD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="tr-tr" Language="1055" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName] kurulumu i.in Microsoft .NET Framework gerekir</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/passive \| /quiet - komut istemi olmayan olabildi.ince k...k bir UI.. g.r.nt.ler veya komut istemi ve UI g.r.nt.lemez. Varsay.lan olarak UI.. ve t.m komut istemleri g.r.nt.lenir...../norestart - yeniden ba.latma denemelerini engeller. Varsay.lan.. olarak UI yeniden ba.latmadan .nce komut isteyecekt

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\1060\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2200
Entropy (8bit):	5.1485120966265
Encrypted:	false
SSDEEP:	48:cxX7DZ0T8obZsw9g5gS56K97D7NCt2VoN3mQXNJPOhP58vqc1qwueo3RAL:8LyTLlS9h9hCtsihdxOh+NL
MD5:	5836F0C655BDD97093F68AAF69AB2BAB
SHA1:	B6842E816F9E0DCC559A5692E4D26101D10B4B16
SHA-256:	C015247D022BDC108B4FFCAE89CB55D1E313034D7E6EED18744C1BB55F108F8C
SHA-512:	640A79D6A756E591AD02DDCCC53BC43F855C5148B8CBB5CE6C1CAF5419CA02F7B2AFF89CCA4C056356814D3899EF79BF038B4E8B4B79EB85138A3CEDCCE93E5B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="sl-si" Language="1060" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Namestitev</String>.. <String Id="Title">Microsoft .NET Framework, potreben za namestitev paketa [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Ali ste prepri.ani, da .elite preklicati?</String>.. <String Id="HelpHeader">Pomo. za namestitev</String>.. <String Id="HelpText">/passive \| /quiet - prika.e minimalni uporabni.ki vmesnik brez pozivov ali ne prika.e.. uporabni.kega vmesnika in pozivov. Privzeto so prikazani uporabni.ki vmesnik in.. vsi pozivi...../norestart - skrije vse mo.nosti za vnovicni zagon. Privzeto uporabni.ki vmesnik.. prika.e poziv pred ponovnim zag

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\2052\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	1980
Entropy (8bit):	6.189594519053644
Encrypted:	false
SSDEEP:	48:cxX7DjQT8tOBousi+zq+frUR2ropNV2rfN3msNUqPPT9T+DwZ9f5wDTAV:8L4TGUGw3V8N3RykV
MD5:	A34DCF7771198C779648B89156483E83
SHA1:	A6E0FA91CD50048511C7BEF1BE3A8D32B42B6D1F
SHA-256:	89C559C6765F8D643469E3C8F4AA93023F09369B0395EA647FAD5AF3C2893EB6
SHA-512:	0F1D7BC4FD64E18EEEC488CDCE01FB6BFA5CD3BFF614A8D03E388D39F569B8341E74302946877EB25BA1EB17AEC137499189605E251FAFB6B20051744CB463B1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="zh-ch" Language="2052" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ..</String>.. <String Id="Title">[WixBundleName] .... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/passive \| /quiet - ..... UI .......... UI ... ........... UI ........../norestart - .............. UI ........../log log.txt - .............. %TEMP% ........</String>.. <String Id="HelpCloseButton"

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\2070\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2211
Entropy (8bit):	5.1155097909395035
Encrypted:	false
SSDEEP:	48:cxX7DbT8QGls54nK3znI5zKDj4NLkdoN3mMNYsEPbpK2Aegeu9A5g:8LXTUasJnYdi59som6
MD5:	8A278E519EF81B2847490EFB070219BC
SHA1:	7365EDF6E4F9E66B6CEE47933B6C70FF0B9ECFF8
SHA-256:	E2BFDB2CF3BEAE2E988827C52C58006D7EEAD4ABA5312B5EAE1F6CCF3863C385
SHA-512:	88275C1136FFB15AB04D315E8601BE2DE77387F3E00F17E9807E415A9DFC4A73E2CD3B5710E4CA58006F91E18180D7CFAEEF4E8319C624E1B81397F9CB9ECA92
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="pt-pt" Language="2070" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Configura..o do [WixBundleName]</String>.. <String Id="Title">O Microsoft .NET Framework . necess.rio para a configura..o do [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem a certeza de que pretende cancelar?</String>.. <String Id="HelpHeader">Ajuda da Configura..o</String>.. <String Id="HelpText">/passive \| /quiet - apresenta IU m.nima sem mensagens ou n.o apresenta IU nem.. mensagens. Por predefini..o, s.o apresentadas a IU e todas as mensagens...../norestart - suprimir qualquer tentativa de rein.cio. Por predefini..o, a IU.. avisar. antes de reiniciar.../log log.txt - r

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\3082\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2400
Entropy (8bit):	4.992567587099768
Encrypted:	false
SSDEEP:	48:cxX7DLT8/OusS2V8j4Lq+7dKzCLdqaaD6NJaXFoN3mRNLo3PWKWnRcsB9A8:8LfTz+8EPqKqTJiFikUgk8
MD5:	1024AA88AE01BC7BA797193CC6023375
SHA1:	9252A309C1CB32573F4D58A595A78660FDF54B2F
SHA-256:	B884C4ABB8867553C1FFADD6721C2135EC5F9F1455C3F668D711CCEA65363D1A
SHA-512:	77E6DD332104C0461B7C5A08469161AF3F1DC51D3B55585D39DD9FC9E2088DA036BDF2278CFB96CA702FD26CE073C6C6F66611313270700B9E7A76600C1C8E38
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="es-es" Language="3082" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">La instalaci.n de [WixBundleName] requiere Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar?</String>.. <String Id="HelpHeader">Ayuda del programa de instalaci.n</String>.. <String Id="HelpText">/passive \| /quiet - muestra una interfaz de usuario m.nima y no realiza.. preguntas, o bien no muestra interfaz de usuario y no realiza preguntas... De manera predeterminada se muestra la interfaz de usuario completa y se.. realizan todas las preguntas necesarias...../norestart - suprime cu

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperApplicationData.xml Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	7030
Entropy (8bit):	3.74663633154115
Encrypted:	false
SSDEEP:	96:XDXOn6hU1UeycptVkAn6W6lUhycJVwn62KqM0wwVycBgn65eItUUycxQtTUctY2d:XDeCN4xtOiwdKW/4IgqIWuLtbuhA9
MD5:	E171BE228AF33C1BD57068F1083FA737
SHA1:	1BBBAC452C274C1A3986FCB9BB41FA746DE0BDB1
SHA-256:	495298882A36EDA1545A57A9E0F74A050653705E879EF3BD1C078632F2C65189
SHA-512:	49416093ECBD5DFFB5FFCF725D8BCE7E704211FDC2D4DF5CACC2261E24B450DD3A0F00DAEF95DDE6AE95F5FCE6A00212A99E3E4757C7124F8C4144D70137F106
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.W.i.x.B.u.n.d.l.e.P.r.o.p.e.r.t.i.e.s. .D.i.s.p.l.a.y.N.a.m.e.=.".I.n.t.e.l... .D.r.i.v.e.r. .&.a.m.p.;. .S.u.p.p.o.r.t. .A.s.s.i.s.t.a.n.t.". .L.o.g.P.a.t.h.V.a.r.i.a.b.l.e.=.".W.i.x.B.u.n.d.l.e.L.o.g.". .C.o.m.p.r.e.s.s.e.d.=.".n.o.". .I.d.=.".{.a.2.5.f.f.3.1.6.-.2.5.3.4.-.4.b.5.3.-.9.4.f.c.-.8.0.c.3.d.e.a.a.d.b.f.4.}.". .U.p.g.r.a.d.e.C.o.d.e.=.".{.E.2.2.0.B.4.D.B.-.8.A.E.5.-.4.9.E.2.-.9.0.E.A.-.B.F.4.7.D.7.E.8.1.3.D.0.}.". .P.e.r.M.a.c.h.i.n.e.=.".y.e.s.". ./.>..... . .<.W.i.x.M.b.a.P.r.e.r.e.q.I.n.f.o.r.m.a.t.i.o.n. .P.a.c.k.a.g.e.I.d.=.".N.e.t.F.x.4.6.2.W.e.b.". .L.i.c.e.n.s.e.U.r.l.=.".h.t.t.p.s.:././.r.e.f.e.r.e.n.c.e.s.o.u.r.c.e...m.i.c.r.o.s.o.f.t...c.o.m./.l.i.c.e.n.s.e...h.t.m.l.

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperCommonUI.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	405408
Entropy (8bit):	5.467842729846682
Encrypted:	false
SSDEEP:	3072:HlCdEMrN5nVmjsdm7pCTDc+2VcW9BR/tj0ClvpqATHw9/HwGZCjWDb742mruj2l0:qEWN2jsqs/2T/NpfA/Hjm7Rj7C
MD5:	3A01F1DA65B67D64B55C686C362353EC
SHA1:	CA68772240C924DE368235C344C7232BD32EBC7F
SHA-256:	189E66A47216BC54538C7AEEEA5C704CB9F46469E61BD14C3F820605A3348B41
SHA-512:	93F4C54F5D99262E550FBC71B9E4210A3312DC6D8AAA9BE53EC2E1129D98FEBA8653DB3048A71DF9A0618336854CD24854F9965FA39AE2F949D2CAF32AD82E2D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....q(..........." ..0..............!... ...@....... ....................................`.................................=!..O....@...................%...`....... ..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................q!......H........j..............\...0............................................(....,..o....o....r...pr...po.....o....o....r...pr...po.......0..n.......r%..ps......o ...o!....+,.o"...r...po#...%-.&.+.o$...r...p(%...,....'.o&...-....,..o'.......,..o'......&.......(......8O..........P[..........gg.......0.......... .... ....((...r...po).....o......+a......o).......r%..po+...t........,+...,&....rI..p.o,...,...r...po+...u]......+....,...o'......X....i2....,..o'......&.....*...(..

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperCore.config Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	807
Entropy (8bit):	5.0651497965248105
Encrypted:	false
SSDEEP:	12:MMHd41Pd7lzc+TXYr+XFy9bWzc+TXYcXII3VymhsSlxDHIdFY9g3XmGmKUHfjDjL:Jd67RtYrx9itYhmhLxjYJ3WztrPO3I
MD5:	863B58845AE705F5153CF963A94FD802
SHA1:	1242BC75463BDD5E1FFA0FB285F95A648C90E021
SHA-256:	99386A342473E5442694EE565C187C604A0EFA1A514914DAE3E1790FB46F9AF2
SHA-512:	F0C0674D4A6FF00BFC50651954F1ED79CC04D6668B0DB9A87BB5AF868B18C42D494389FABFF8296B6DDC9EE5293AA5380433FF069C696BE6FDD2E9D35E2717B6
Malicious:	false
Preview:	.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <configSections>.. <sectionGroup name="wix.bootstrapper" type="Microsoft.Tools.WindowsInstallerXml.Bootstrapper.BootstrapperSectionGroup, BootstrapperCore">.. <section name="host" type="Microsoft.Tools.WindowsInstallerXml.Bootstrapper.HostSection, BootstrapperCore" />.. </sectionGroup>.. </configSections>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. See http://msdn.microsoft.com/en-us/library/vstudio/w4atty68%28v=vs.110%29.aspx -->.. <supportedRuntime version="v4.0" />.. </startup>.. <wix.bootstrapper>.. <host assemblyName="BootstrapperUpdateUI">.. <supportedFramework version="v4\Full" />.. <supportedFramework version="v4\Client" />.. </host>.. </wix.bootstrapper>..</configuration>

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperCore.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	90032
Entropy (8bit):	5.688550211341784
Encrypted:	false
SSDEEP:	768:9BgPxZlx0MBps+j7ejaab0Y6OwE7v10WHSp5fh06iG27N9k+6ybJ1ErEgtCmYjhm:HHMBp/GRbgi5ofpiG2pq+51EogsmYI
MD5:	B0D10A2A622A322788780E7A3CBB85F3
SHA1:	04D90B16FA7B47A545C1133D5C0CA9E490F54633
SHA-256:	F2C2B3CE2DF70A3206F3111391FFC7B791B32505FA97AEF22C0C2DBF6F3B0426
SHA-512:	62B0AA09234067E67969C5F785736D92CD7907F1F680A07F6B44A1CAF43BFEB2DF96F29034016F3345C4580C6C9BC1B04BEA932D06E53621DA4FCF7B8C0A489F
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 2%
Joe Sandbox View:	Filename: PDFCreator-4_0_3-Setup.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Mp.].........." ..0...... ........... ...@....... ..............................N.....@.................................`...O....@...............@.......`......(-............................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\BootstrapperUpdateUI.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38304
Entropy (8bit):	6.628279184018862
Encrypted:	false
SSDEEP:	768:kuUi5iFy3c6bY4m8WwLPSIKdVRlZKYun2f1beVDgp9E+8iROBS:Ui5iFy3bVWwLPSIWHlZdu8kMQ+8iAI
MD5:	137A753045660F7D59666CB220B83317
SHA1:	659FC454233F99FD61F6A1A09F8D84CFCE97FEE2
SHA-256:	12B1DD3ED5F6AFBCA7D30D1571F808002D5A8C714EE5BA4824E039F180FAF653
SHA-512:	31A5996F7CED3969BF4805CF1D110D8E55F3710B1B6CC58F07E82907202B9F729EAC66C81111FEA79B968FE96BE209E88EB31609E882B7D16223B3780D85225C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..f..........b.... ........... ..............................Ef....`.....................................O.......P............p...%..........\...8............................................ ............... ..H............text...hd... ...f.................. ..`.rsrc...P............h..............@..@.reloc...............n..............@..B................A.......H.......(0.../..........._..p#...........................................~............~............~............~............0...........(.....r...po....(....(.....(.......rQ..po...+}......{....s....(....}.....(....o ....(!......(".......(!......("....3..{....o#...($...rg..p(%...-.rg..p.(&...('...o(...o)...o*....s+....s,....(........(-...,f..(........E........0.......+H.(........(/....o0...+1.(........(/....o1...+..(........(/...(.....o2....!...(.....r}..p..o3...(4...

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\GalaSoft.MvvmLight.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	30208
Entropy (8bit):	5.480813210667336
Encrypted:	false
SSDEEP:	768:yQrLeg1z+o9LyepjivwvCGIzCGShkS6fF3xLAJs+d:tKExEJGB4fXLAL
MD5:	AF04687248DA9E95A7FF65AB538D0BCF
SHA1:	7511184300E2B6F70BC92333392386A812B2DABF
SHA-256:	B097FCA120A9E76FA870D82662BDD233ADBF08FC34A3C509F31CC5CED0AC1ECF
SHA-512:	A5EAB337F6386DE5FB2CC809730BAC7D17CDFB309AFEA32E65E9D8C457F97AC3E3F03CEBD48535CF253E28F3AA600F234631C2060EC59ACB917CB5F135F4B67A
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: RFLinkClient-2.30.0.29010.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....wZ.........." ..0..l............... ........... ..............................3....@.................................T...O.......h............................................................................ ............... ..H............text....j... ...l.................. ..`.rsrc...h............n..............@..@.reloc...............t..............@..B........................H.......@=..\K...........................................................0..)........{.........(....t......\|......(...+...3.....0..)........{.........(....t......\|......(...+...3...{........0..\........(....(......(....-G..o....->..+..o....(.......o....,...+..o.........(....3..-.r...p.s....z.0...........{......,....s....o.....0...........{....,..(...+..(....-...o......0..O........-.r'..ps....z.o ...u=...%-.rM..pr'..ps....zo!...u....%-.ro..pr'..ps....zo"....(#....q.....

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\de\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	40352
Entropy (8bit):	6.086629350591749
Encrypted:	false
SSDEEP:	768:kTeuSr5J7M/xSzQnI/rfl+FNnrJq/rff2adjVbeVDqdp9E+8iRO3ix:kTeuW5J702M/rJIyqEOdQ+8iA3ix
MD5:	479B248586467DC3643360AA49ADB81E
SHA1:	B01FC089CEF423A961BD9BF0F55776719C4CE098
SHA-256:	8D52CC7ECFEF824A77A465F89682AD3CF54B801CC525F43216AB8CED34C638BB
SHA-512:	8E345256CBFFB6C1F169107DB408828F8A33AF7301ABFEF0D6ED1D3AC989AFA8E864E6E15287AB11AA9F3762DC8B0BC2149FD356E3793ABA9D20159CCE130293
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....p............... ........... ....................................@....................................S....................x...%........................................................... ............... ..H............text...$n... ...p.................. ..`.rsrc................r..............@..@.reloc...............v..............@..B........................H.......p...X...........P ...j...........................................j.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\es\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38816
Entropy (8bit):	6.053856304423901
Encrypted:	false
SSDEEP:	768:tTSRibNqH1XCrJs0BBBnrPaObeVDap9E+8iROr:tTmiJuyl9rmjGQ+8iAr
MD5:	D47E273EB8741263F0F5F439594CA237
SHA1:	F70898C76733C4337C9CAB3E6B06CE5D0D7DE507
SHA-256:	8A5240DB1905DBC71D763B9E99383B44B2605A541F8B9A7BCB1C52FEE8B8E629
SHA-512:	40E6FAA2F3B0BB3D46F16BEFD42A74D47E94B237A3B1609CE1A3BCF919ECCBA5F54EA7FB1DADC68C65C7D4B036A86AEC21A9030E82F83C286F89C0C50F2AF0FF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....j............... ........... ..............................H.....@.................................H...S....................r...%........................................................... ............... ..H............text....h... ...j.................. ..`.rsrc................l..............@..@.reloc...............p..............@..B........................H...........X...........P ...d...........................................d.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\fr\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	39328
Entropy (8bit):	6.089412585212967
Encrypted:	false
SSDEEP:	768:nx2KD8g4jpHDfOP61PV+e9glnmB3WZ+nl4B1Pwk/miT1HgwbeVDap9E+8iROK:nUPBdfOP2V9MnmFnnYt/m8S9uQ+8iAK
MD5:	0D1090BFD28DD606F5D5E1D921AB30A5
SHA1:	5C57AA5434941C22D1A9FAC9A16378DFF66FCF6B
SHA-256:	DF4D970F7546A1F5947D0D5AAD5C7E2CBF65D08D61B8C5F4D855EB74A1C37E39
SHA-512:	55582F322EC0B099CF55CF4B71D2EA56131C0480890A4CF1FE845EC6A54A4944625297A3256B6E569E0EECAC0DD871D9C41C404FECFD36D1F52276E3C037F95C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....l.............. ........... ...............................)....@.....................................O....................t...%........................................................... ............... ..H............text....j... ...l.................. ..`.rsrc................n..............@..@.reloc...............r..............@..B.......................H.......D...X...........P ...f...........................................f.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\id\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38304
Entropy (8bit):	6.013168732922719
Encrypted:	false
SSDEEP:	768:UCwOw4YC6Yy/649XQYBwn5XKbeVD2p9E+8iROP:UCPnYD/R9otnKQ+8iAP
MD5:	AE246C76DC983BD7A2D991333306BFD5
SHA1:	FF3A17A16AD67C3C5CBBFD1C817868893CCDA4DB
SHA-256:	EF295A86B80666DCE11311E038E3037F167FA6289B849A0F5D5FD1395DB67B14
SHA-512:	FAA4A53D3FFC311AC4302ADA1F22A12C7FDED7558BD1BF94FC4A2A940ED4C9D47005C45E713745373B083E9223D43E54F4B19316E2E3DE76D5CEB993EBFBADD3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....h............... ........... ....................................@.....................................W....................p...%........................................................... ............... ..H............text....f... ...h.................. ..`.rsrc................j..............@..@.reloc...............n..............@..B........................H.......\...X...........P ...b...........................................b.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\it\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38816
Entropy (8bit):	6.022209665389889
Encrypted:	false
SSDEEP:	768:EyfpWp7JPytp3/dtRz3BNKdA/dtRzGuwBaNbeVDPp9E+8iROr:EyhoPytp3/zBydA/zBGuRcrQ+8iAr
MD5:	91A36BD2A42052F47B3FCB00D07B0C42
SHA1:	9692F75AEA3041EF2BE34BD58D7808DD5803598B
SHA-256:	B5E98E77F21C9A545999B93C69168268FDB373E71E31D37217A2C60EA57EE42C
SHA-512:	0017817753A3D84C061617DC82861D04E919B6B82DAF4C247D4913E30A0350C1EA195688FD96753BC053CDAF3CF9B8BB8299CC70EFC89A0BB1620233FFD335EC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....j.............. ........... ....................................@.....................................S....................r...%........................................................... ............... ..H............text....h... ...j.................. ..`.rsrc................l..............@..@.reloc...............p..............@..B........................H.......0...X...........P ...d...........................................d.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\ja\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	43424
Entropy (8bit):	6.313289824466315
Encrypted:	false
SSDEEP:	384:8QgMPuUt+Gk/wHdbIO6ZykDSr+O3+yKO4LZyykDStmoZWQezQtsEX6zjVDw41G9Y:XFxqnSSCQ0QtbeVDop9E+8iROZ
MD5:	065EB041FE86F539EF2F9132A73444AA
SHA1:	7A4093FB71BA782E4BB42F5B9F5C1FD48A927B7D
SHA-256:	6538E633534F92052FEADF88201631EEE778417E96D321F4C52A16307C4B6C77
SHA-512:	48EB9CDE18CE8D6E9BDD84B0E5DDE76F38D0F5FF1659AE72F2377A115A3B35D14285F6E05C2BEEBED621F8FFFBD193CF46FFF10299C4062B2FBDB138BD94C997
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....\|............... ........... ...............................C....@.................................\...O........................%........................................................... ............... ..H............text....z... ...\|.................. ..`.rsrc................~..............@..@.reloc..............................@..B........................H...........X...........P ...v...........................................v.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\ko\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38816
Entropy (8bit):	6.498273961113996
Encrypted:	false
SSDEEP:	768:i4Ppg/V7jcTLe+uFVDsykFxrd99Z8tfHlbuFVoFiBprpXVJ28X2abeVDmp9E+8iW:iuE0PkVH4xrdGhkVs+prp836Q+8iAP
MD5:	DA0FC238D168F9679A97B854D167F52E
SHA1:	5B49A441120535412CC626D487139B0AABDC0C66
SHA-256:	931AE22FAD80F5571D0CB372EB3BC2247AC4AAEF6C959DAA21C8B1FC2686D394
SHA-512:	D443571F95273E7ECEADE0D25E3624792098A3B207D47269A1B7F41988E2F65DC399FDFFE8D9FF7E5F1BCB0AFE8DBBF9E0F0407786451AFC0F3EFBBBF211B6FE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....j............... ........... ...................................@.................................L...O....................r...%........................................................... ............... ..H............text....h... ...j.................. ..`.rsrc................l..............@..@.reloc...............p..............@..B........................H..........X...........P ...d...........................................d.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\mbahost.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	122288
Entropy (8bit):	6.643662045821993
Encrypted:	false
SSDEEP:	3072:iyjfrCvv4JR5zsemsABCF0TPSLNegl/+b:xrrCYRsehsIX/E
MD5:	C59832217903CE88793A6C40888E3CAE
SHA1:	6D9FACABF41DCF53281897764D467696780623B8
SHA-256:	9DFA1BC5D2AB4C652304976978749141B8C312784B05CB577F338A0AA91330DB
SHA-512:	1B1F4CB2E3FA57CB481E28A967B19A6FEFA74F3C77A3F3214A6B09E11CEB20AE428D036929F000710B4EB24A2C57D5D7DFE39661D5A1F48EE69A02D83381D1A9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........v........................}.......\|..............................o..............2~......2~......2~q.............2~......Rich....................PE..L...Tp.]...........!.....&..........(>.......@.......................................;....@.....................................x......................................T...........................H...@............@...............................text....%.......&.................. ..`.rdata...s...@...t...*..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\mbapreq.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	188848
Entropy (8bit):	6.598346436496911
Encrypted:	false
SSDEEP:	3072:iaVVzf0r2vM357+pwnohBIiv8+2kt2GOTALPN2obXbE7PKPU9+Wxhsz7CMD:iaLzfpIsHhBIqgGOTALFdbz7f
MD5:	FE7E0BD53F52E6630473C31299A49FDD
SHA1:	F706F45768BFB95F4C96DFA0BE36DF57AA863898
SHA-256:	2BEA14D70943A42D344E09B7C9DE5562FA7E109946E1C615DD584DA30D06CC80
SHA-512:	FEED48286B1E182996A3664F0FACDF42AAE3692D3D938EA004350C85764DB7A0BEA996DFDDF7A77149C0D4B8B776FB544E8B1CE5E9944086A5B1ED6A8A239A3C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:v.O~.c.~.c.~.c....t.c......c....f.c.,.g.n.c.,.`.l.c.,.f.a.c.wo..z.c.wo..c.c.~.b.\|.c..~f.g.c..~c...c..~....c.~.....c..~a...c.Rich~.c.........PE..L...Yp.]...........!................................................................1.....@.........................`.......L...................................`.......T...........................H...@...............\............................text............................... ..`.rdata..2...........................@..@.data...............................@....rsrc...............................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\mbapreq.png Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	797
Entropy (8bit):	7.648767094164769
Encrypted:	false
SSDEEP:	12:6v/7rW3M/jDYAlFTzdvhKZ7e/cbp4/82UNb6MjmlKPNXheD1H0oJodqSXaTbutak:lQD1lldv8Z7g04/82Y6+Pxi19mDoqt5
MD5:	A356956FD269567B8F4612A33802637B
SHA1:	75AE41181581FD6376CA9CA88147011E48BF9A30
SHA-256:	A401A225ADDAF89110B4B0F6E8CF94779E7C0640BCDD2D670FFCF05AAB0DAD03
SHA-512:	A0F7836AEFA1747F481C116F6B085F503B5C09B3A1DD97CD2189F7CE4E6E7EA98F1F66503CBA2E6A83E873248CC7507328710DFA670AA5763DF8AEDCC560285E
Malicious:	false
Preview:	.PNG........IHDR...?...?.....W_......sRGB.........gAMA......a.....pHYs..........+......IDAThC./W.0....P(...Db+q8$.........J...-..8.e]._..;........Y... .Y....z\........{W\|..../q..<%.....C5...0....OrU....,..^........).....2.......i.Ge..T9T..}.7..J.......}..b...S.>.%y..Fc..j.X.....y."...e.U..M(ez....4\..C....u.......w..0..J.Wo."...mM.r.h..8..q..X..k!...j..xn...l...W`..r.+.R..J........c.T.}......cz..<43..@.c..rH...\|..V.....K.mN.........k....,..4OL..5..M.tm%=.U.t-7.w....k.R.....c...-].5~..]2..5...GA..[..={.5..].=(.$}.\.9..5...MWu..[#.....F..j.F...d...,..MWu.7..3......$.......G.t.....=;N<_:[......0.,1.y.\.Z.\|..%..>}...q.s....y.#p......!-.;.6!o.KO..E.6...........<..c..9_B....y....im...b...Xn.....)t9Q...........V.WMtP. .P..Z.&..KR.ac......IEND.B`.

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\mbapreq.thm Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3915
Entropy (8bit):	5.15881451198739
Encrypted:	false
SSDEEP:	48:cecHddpXBT2E/zPHWgtpmAPH8TSJmBP+NPHrM/O8YpQbFUuhJ3PK7usPH4Lr:wHdHxS4Z9UG4BmNjCOhpsB3PswP
MD5:	A20778EC90A094A62A6C3A6AB2A6DC7D
SHA1:	74C131B5FD80446FFDF2AFAD723762DD36621309
SHA-256:	F8C3A03F47F0B9B3C20F0522A2481DA28C77FECDBB302F8DD8FBED87758CBAEA
SHA-512:	47F34A9F416D223DCBF071E7292A05554AF3D27CDE67FC8C161C1BED564C6E7FC448C2F482E05F33149C782E09C681BD65730CA00CF9EC68B284128214B75529
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="mbapreq.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Height="96" FontId="1" Visible="yes" DisablePrefix="yes">#(loc.Title)</Text>.... <Page Name="Help">.. <Text X="11" Y="112" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.HelpHeader

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2464
Entropy (8bit):	5.076345322304751
Encrypted:	false
SSDEEP:	48:cxX7DxMT8dbCsK19Wqq8+JIDxN3Wm2WcN3miNlLPDHXsmkaYXfXQ2BmGA7b1fABP:8LuTY1xmmmTerNR0AT1O
MD5:	4D2C8D10C5DCCA6B938B71C8F02CA8A8
SHA1:	11577021465379E9D1FF4260E607149BA5DFA6B3
SHA-256:	C63DE5F309502F9272402587A6BE22624D1BC2FEACD1BD33FB11E44CD6614B96
SHA-512:	AE791C1F05821167F1D2E1D07DBF95FE7E72B35B3E4B1E22720006C7A672B1330B748414792392B0E806F111AA4EFC1C424F4479EBDE349E3F079792DBB3BF47
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">Microsoft .NET Framework required for [WixBundleName] setup</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/passive \| /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. By default a log file is created in %TEMP%.</String>.. <String Id="HelpClos

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\pl\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	40352
Entropy (8bit):	6.310354488283983
Encrypted:	false
SSDEEP:	768:mkPGCL2myUTHoA87E37dT02gul8owaSzK637oqowakgESD0bbeVDtAp9E+8iROg:mkP555T02g68o1wcqo1AquQ+8iAg
MD5:	FECBD2AF3B28B6BFD8E0F951DE617CF3
SHA1:	08905E709CC8936D52774418301B5EF33737E773
SHA-256:	5853A6EF29FD609F501E35D03E674F0448CDE46A079C2814F92BE4E3DDCE7FF2
SHA-512:	8E7967D72004A42B92C74CAD3AAE7E6A14FD982448285DDC0EC2CBF61037F7E80B6908FBC609C805E50803D550120CF6F09AB1A041C6B3FCBA6E9F752CDD6255
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....p..........^.... ........... ...............................R....@.....................................W....................x...%........................................................... ............... ..H............text...dn... ...p.................. ..`.rsrc................r..............@..@.reloc...............v..............@..B................@.......H...........X...........P ..Yj..........................................Uj.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\pt-BR\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	37280
Entropy (8bit):	6.145815174333101
Encrypted:	false
SSDEEP:	768:u3WKdhrdgMCc2HyiCeQDgefew10dNU7DbUgMfJ6gZjbeVD2p9E+8iRO4:u3VgFq0gayiQ+8iA4
MD5:	00630F6D925CA905343456825BB9F7C3
SHA1:	D1DC69D2E8CE513A0C4053A13F3E970640670853
SHA-256:	374B182B41FB62CE1CFF4F99B06CB7E402BE7758249ADD10CADC0E21BDC9E60C
SHA-512:	34380BA1C06DA88491FF89E6B6A597F47BE819978B9CF1326F5FB3F9D16CD8CDB6B3C29F1FDBEF6C1EA6EB465CC6E7EC909F6B5BA742E1FE08010A247BBA1FC1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....d.............. ........... ..............................Hn....@.....................................K....................l...%........................................................... ............... ..H............text....c... ...d.................. ..`.rsrc................f..............@..@.reloc...............j..............@..B........................H.......0...`...........P ..._..........................................._.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\ru\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	63904
Entropy (8bit):	5.39034467207354
Encrypted:	false
SSDEEP:	1536:Q69VHjqCcFekDExtBJsLZCUuA4+cDpf49bCfAHmFrExcLp+IpfFoTMvqPc33Q+8p:Q69VHjqCcFekoxtkZu/FA8fAHmFwxyjW
MD5:	5F4FF576D99D234ED748022E41AD86A1
SHA1:	7C3C33A1E5DABF1178CCC75F2EAD082F9578FE9C
SHA-256:	7C6FF924F38ECEFB8D4946855B569D61C145C8B7809E935089A18CF900B4F669
SHA-512:	566328543F4944761EAF83223700EDA0B958EFBA7B89E9213F8509BEAB228445502486E1CA87FE1D06569A7CC2F4F522C0E72D767380DE68AB2B41780EA61A20
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!................n.... ........... .......................@.......j....@................................. ...K........................%... ....................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................P.......H...........X...........P ..u...........................................q..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\th\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	68512
Entropy (8bit):	4.96373836759445
Encrypted:	false
SSDEEP:	1536:cfmOndidiE39wHV1+3sw95t43LdQ+8iAx:smOH11mZxYLCDx
MD5:	27E8AEE9C66C8B3940F27DE5F4ADCB04
SHA1:	2250D67F3FEB48DC054E981CA0AABD509031B6D0
SHA-256:	B69A30ABEC11B1DCDA489B533676B7401E12643276F5F331D54E3E186A5F7D23
SHA-512:	19FF3024A584653A57990E287E9A34463F63DE5CEEA517F8BB4DCB07E7326F373C81D53E87A7D47F2B7C55ED445836BD1E30A9203C7F3769ED4B385EF5BCF752
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!..................... ........... .......................@.......\|....@.................................P...K........................%... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........X...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\tr\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38816
Entropy (8bit):	6.280801304551641
Encrypted:	false
SSDEEP:	768:B7Gtq4XXYbKt7WimSjNolmKt7kvepbY7kq/XbeVDnMp9E+8iROa:B7GDiqWimw+lmqkvCbKOoQ+8iAa
MD5:	CAEFE10444EF2E702A5E6BDAEB1FFDC2
SHA1:	CD0BC746484E5ED24A29D9769F8C0B38D0C6F1B4
SHA-256:	5A9DDEBF290891DA45352B5D4328B1212C1F7E7812FCF89B656B860434F09D2A
SHA-512:	29B79B490EF6135A5F4EAF164590993C4FA1C1E494F7AA11EC6E33029A2530F227B182DD31353EB9F624055AFF8D2E24DA3B18E5647F0D74CD355E88E2F94EC4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....j............... ........... ....................................@.................................H...S....................r...%........................................................... ............... ..H............text....i... ...j.................. ..`.rsrc................l..............@..@.reloc...............p..............@..B........................H...........X...........P ...e...........................................e.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\vi\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	43936
Entropy (8bit):	6.370638365485673
Encrypted:	false
SSDEEP:	768:XfkrPatUhuHRPyagewmNX0sxTWDeC2lmHKyam4j+08YyObbbeVDjpp9E+8iROj:XfgaWhuHaewm9DMv2cHf4q5Y7qRQ+8iq
MD5:	9B01B273FD50CAE6C40DB985A4888CBB
SHA1:	2B721FD934AE295ADB13232B4DB53DD81A47DFE5
SHA-256:	BF74806443370E9BE2026E8A2D45BF420B98F6896E691A833DACCC6FBD17F840
SHA-512:	2B73E1A3E5FF5835CB4B17D0D10C222696E0188EDFC014A9EADC4B73CF819226BA71E3DB769AC1B865AE9585E9A16AB0EDF86ECC713589FA71729B64DC74CB81
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....~.............. ........... ...............................3....@.....................................K........................%........................................................... ............... ..H............text....}... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B........................H.......(...X...........P ...y...........................................y.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\zh-CN\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32672
Entropy (8bit):	6.910853627790309
Encrypted:	false
SSDEEP:	768:9cZb7f0iXxpRCKamnypO/MceFqmbeVDVFp9E+8iROL:9cRffXx1ybctb3Q+8iAL
MD5:	4877E86A1734F542A7D8CB9D40A584BA
SHA1:	C7CC6EDE71D17B9D953FFC69D759E0421249EA1C
SHA-256:	8B87FE546AF95FFA73FE512C973475E31826C74B49E37DDB9D6A30F7B610247F
SHA-512:	B2D8D09055006032C57B27F52C36EE8744DF1901ADBD80BEDD4B9D4B491AD7F6E9D93F6CF3B9015767CE10AE091A86EE2C6C18FD0EE01D56EC8666DB382A1C8E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....R...........p... ........... ....................................@..................................p..K....................Z...%........................................................... ............... ..H............text....P... ...R.................. ..`.rsrc................T..............@..@.reloc...............X..............@..B.................p......H....... m..`...........P ...L...........................................L.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{29D98A1A-6376-4440-900B-2652CE516F32}\.ba\zh-TW\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	33184
Entropy (8bit):	6.934296312564666
Encrypted:	false
SSDEEP:	768:BzEQ8R47KwynxXCFuKCfKvu2oFPc8WJgl6tdse9pHc2ClkcbeVDlAp9E+8iROC:BzEQ8kKJnxXWuKCyYGglbOFJhCQ+8iAC
MD5:	CD994FC793CB0EBAE2A5756CC0261E8D
SHA1:	2FC580C96C054F8E9DA9AB6140384609C1A8DA8B
SHA-256:	DF020E0934BDCB62431ABA18CC755BC0E498DAFABEB1C149BBAD7BA7CD7BD987
SHA-512:	88308AA92BD8871B023D9A0AD93A99123F139FECA8A350EBFE25871FC29B71C6D00717598D2E5BE3065D3DE3BF912A6794AF15FA4464B7C03F30150AAD12EABC
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....T...........r... ........... ...............................,....@..................................r..K....................\...%........................................................... ............... ..H............text....R... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................r......H.......@o..`...........P ...N...........................................N.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe Download File
Process:	C:\Users\user\Desktop\IDSAUpdate.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1122416
Entropy (8bit):	7.657850501096463
Encrypted:	false
SSDEEP:	24576:aNsfiTdYSuVzZH9tH1v1Xcl/wbvc3WxtlLwAGXhU4BmODXHiXgl:CT2pZ15bvcGrl0LXhU4BnDXHiw
MD5:	CBC3B680FDE6C81DC31BD7663E482F27
SHA1:	1F89A8DA038DE3A519FD50AA7F5B1F1F5072283B
SHA-256:	7AF48A943DB175FB1A4131EA7F4D0C018AFF8961B1DF5D9154B14BBD8418813B
SHA-512:	BEF8F3745E1126EC75AC273EDD0C4EAD329D546EA3E239A9E5800694E00DC351DE9B28A6D079903B61D03EB103C3003D651884C556F2D29D8133C0895AC15CB4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9.o.}k..}k..}k.....wk......k.....ek../...nk../...ik../...Vk..t...xk..t...lk..}k..(j......6k......\|k..}k...k......\|k..Rich}k..........PE..L...2p.]............................q.............@.................................*AU...@.........................................................p.T..%.......=..0p..T....................p.......j..@...................4\|.......................text............................... ..`.rdata..`...........................@..@.data...............................@....wixburn8...........................@..@.rsrc...............................@..@.reloc...=.......>...D..............@..B........................................................................................................................................................................................................................................................

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1028\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2025
Entropy (8bit):	6.231406644010833
Encrypted:	false
SSDEEP:	48:cxX7DTAT8tMBCus9T3FVWmHdniarRFeOrw8Nhv2VyfN3mKNWFP44SBWWW1GyfiPq:8L4T2RJhfHP8+VYuTmQUc2mE
MD5:	1D4B831F77EFEC96FFBC70BC4B59B8B5
SHA1:	1B3ED82655AEC8A52DAEC60F8674BC7E07F8CFEB
SHA-256:	1B93556F07C35AC0564D57E0743CCBA231950962C6506C8D4A74A31CD66FD04C
SHA-512:	C6CCB188281F161DEBF02DCDDE24B77D8D14943DEED8852E77E5AFB18F3F62683AB1AE06DCEB1E09D53804A76DF6400A360712D8E7E228B7F971054BB4FB2496
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="zh-tw" Language="1028" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName] ...... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/passive \| /quiet - ...... UI ............ UI ... ........... UI ........../norestart - ................UI ............./log log.txt - ............ %TEMP% ......</String>.. <Stri

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1029\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2458
Entropy (8bit):	5.36165936198009
Encrypted:	false
SSDEEP:	48:cxX7DTZT8u9cktosM6re4mSTcIIyfI7sh/DMNwIHWAoN3mepNRfKPnWZ0hqAQZfC:8LxTK23f33AwIViRrRynRuZfiMS
MD5:	CC8C6D04DC707B38E0F0C08BA16FE49B
SHA1:	95EA7F570677AEA52393D02FDB21CEBB218A7343
SHA-256:	DC445E2457ED31ABF536871F90FF7CC96800A40B6BC033F37D45E3156A3B4FA9
SHA-512:	A4B19EBC8BB0D88ABA7D3D5783E28F8B6E0960582A540059BC71076B1203BF43BCA15EA726272D15395C7B4E431046ADA1CBB9D55072BBC5DBE7729C4599F0E0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="cs-cz" Language="1029" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalace produktu [WixBundleName]</String>.. <String Id="Title">Pro instalaci produktu [WixBundleName] je vy.adov.no rozhran. Microsoft .NET Framework.</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da k instalaci</String>.. <String Id="HelpText">/passive \| /quiet - Zobraz. minim.ln. u.ivatelsk. rozhran. bez jak.chkoli.. v.zev, nebo nezobraz. ..dn. u.ivatelsk. rozhran. ani ..dn. v.zvy. Ve v.choz.m.. nastaven. se jak u.ivatelsk. rozhran., tak i v.echny v.zvy zobrazuj....../norestart - Potla.. jak.koli p

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1030\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2286
Entropy (8bit):	5.061915970731254
Encrypted:	false
SSDEEP:	48:cxX7DCrT81tbzjamsjFq7LhzqGgdRDJNbqoN3mpN+ELPnfyOwYxPyzraXnAF:8LaTOkaEOiGd/BwF
MD5:	7C6E4CE87870B3B5E71D3EF4555500F8
SHA1:	E831E8978A48BEAFA04AAD52A564B7EADED4311D
SHA-256:	CAC263E0E90A4087446A290055257B1C39F17E11F065598CB2286DF4332C7696
SHA-512:	2A02415A3E5F073F4530FD87C97B685D95B8C0E1B15EFD185CC5CB046FCF1D0DCE28DB9889AD52588B96FE01841A7A61F6B7D6D2F669EAB10A8926C46B8E93D1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="da-dk" Language="1030" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installation af [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework skal v.re installeret i forbindelse med Installationen af [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Er du sikker p., at du vil annullere?</String>.. <String Id="HelpHeader">Hj.lp til installation</String>.. <String Id="HelpText">/passive \| /quiet - viser en minimal brugergr.nseflade uden prompter eller.. viser ingen brugergr.nseflade og ingen prompter... Brugergr.nsefladen og alle prompter vises som standard...../norestart - skjuler fors.g p. genstart. Der vises som standard en.. foresp.rgse

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1031\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2442
Entropy (8bit):	5.094465051245675
Encrypted:	false
SSDEEP:	48:cxX7DASTcCwit/soJy9hkVByUZN+29N3mfN65PS9CvZwZi7uuASD:8LxT8itGeVB97+gyC9BdaSD
MD5:	C8E7E0B4E63B3076047B7F49C76D56E1
SHA1:	4E44E656A0D552B2FFD65911CB45245364E5DBF3
SHA-256:	631D46CB048FB6CF0B9A1362F8E5A1854C46E9525A0260C7841A04B2316C8295
SHA-512:	FD7E8896F9414F0DB7A88F926F55EE24E0591DA676F330200BC6BB829EB32648D90D3094E0011BFE36C7BA8BE41DFD74B12D444AFEA0D2866801258DA4FA16E8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="de-de" Language="1031" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <UI Control="InstallButton" Width="180" />.. .. <String Id="Caption">[WixBundleName]-Setup</String>.. <String Id="Title">F.r das [WixBundleName]-Setup ist Microsoft .NET Framework erforderlich.</String>.. <String Id="ConfirmCancelMessage">Sind Sie sicher, dass Sie den Vorgang abbrechen m.chten?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/passive \| /quiet - zeigt eine minimale Benutzeroberfl.che ohne.. Eingabeaufforderungen oder keine Benutzeroberfl.che und keine.. Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und.. alle Eingabeaufforderungen angezeigt...../no

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1032\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3400
Entropy (8bit):	5.279888750092028
Encrypted:	false
SSDEEP:	48:cxX7D8jVT8dUk9Ug/usOo2pNSBIbESvR2drdESPzghC76DeN2hL0eLoN3mOLSNIx:8L45TCyop5riGzH7xgJit8IqSsBwqk
MD5:	074D5921AF07E6126049CB45814246ED
SHA1:	91D4BDDA8D2B703879CFE2C28550E0A46074FA57
SHA-256:	B8E90E20EDF110AAAAEA54FBC8533872831777BE5589E380CFDD17E1F93147B5
SHA-512:	28DAC36516BCC76BCC598C6E7ABDE359695F85AB7A830D6ADBC844EB240D9FA372CB5A5CE4DBE21E250408C6B246D371D3CDD656D2178FB0EC22DAC7D39CBD9F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="el-gr" Language="1032" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">........... ... [WixBundleName]</String>.. <String Id="Title">... ... ........... ... [WixBundleName] .......... .. Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">..... ....... ... ...... .. ..... .......;</String>.. <String Id="HelpHeader">....... ... ... ...........</String>.. <String Id="HelpText">/passive \| /quiet - ......... ........ ........... ... ............. .......... ...... ..... ........ . ... ..

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1035\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2235
Entropy (8bit):	5.142592159444541
Encrypted:	false
SSDEEP:	48:cxX7DE+T8Z+bm5snwETMAoQEATN27uNBDReq4N3mJeNHNP64NsFKJJem4vyAs:8LZTDkZ7+2IBCht6J8neHs
MD5:	E338408F1101499EB22507A3451F7B06
SHA1:	83B42F9D7307265A108FC339D0460D36B66A8B94
SHA-256:	B7D9528F29761C82C3D926EFE5E0D5036A0E0D83EB4CCA7282846C86A9D6F9F3
SHA-512:	F7BE923DC2856E0941D0669E2DE5A5C307C98DC7EBA0A1B68728EB29C95B4625145C2AD3AC6F6B6D82F062887EA349E2187F1F91785DDE5A5083BC1150E56326
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="fi-fi" Language="1035" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] -asennus</String>.. <String Id="Title">Microsoft .NET Framework tarvitaan [WixBundleName] -asennusta varten</String>.. <String Id="ConfirmCancelMessage">Haluatko varmasti peruuttaa?</String>.. <String Id="HelpHeader">Asennusohjelman ohje</String>.. <String Id="HelpText">/passive \| /quiet - n.ytt.. mahdollisimman v.h.n k.ytt.liittym.st.; ei.. kehotteita tai ei k.ytt.liittym.. ja kehotteita. Oletusarvoisesti.. k.ytt.liittym. ja kaikki kehotteet n.ytet..n...../norestart - est.. uudelleenk.ynnistysyritykset. Oletusarvoisesti.. k.ytt.liittym. kysyy ennen uudelleenk.yn

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1036\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2306
Entropy (8bit):	5.076293283609686
Encrypted:	false
SSDEEP:	48:cxX7DyBT81BbKBswAL1xV1wjRcDSNwDXoN3mSZfNhkLPkQpznsdMEodAY:8LwTK5KHsijmEXY
MD5:	AA32A059AADD42431F7837CB1BE7257F
SHA1:	4CD21661E341080FB8C2DEFD9F32F134561FC3BA
SHA-256:	88E7DDACD6B714D94D5322876BD50051479B7A0C686DC2E9EB06B3B7A0BC06C9
SHA-512:	78E201F369E65535E25722DFC0EFE99EDF641F7C14EFF1526DC1CC047FF11640079F1E3D25C9072CF25F4804195891BE006FC5ED313063AFCB91FB5700120B88
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="fr-fr" Language="1036" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework requis pour l'installation de [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.tes-vous s.r de vouloir annuler.?</String>.. <String Id="HelpHeader">Aide de l'installation</String>.. <String Id="HelpText">/passive \| /quiet - affiche une interface minimale sans invites ou n'affiche.. aucune interface ni aucune invite. Par d.faut, l'interface et toutes les.. invites sont affich.es...../norestart - annule toute tentative de red.marrage. Par d.faut, l'interface.. affiche une invite avant de red.marrer..

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1038\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2392
Entropy (8bit):	5.293225307744296
Encrypted:	false
SSDEEP:	48:cxX7DwzT8cSwvs48mF7GD/g1v0wH7N3wwJxL99oN3m/ZNRUYPBZRT1XESW3o/ULG:8LQT2wpFGbgT3wMN2QRj/y/LKr
MD5:	17FB605A2F02DA203DF06F714D1CC6DE
SHA1:	3A71D13D4CCA06116B111625C90DD1C451EA9228
SHA-256:	55CF62D54EFB79801A9D94B24B3C9BA221C2465417A068950D40A67C52BA66EF
SHA-512:	D05008D37143A1CC031F4B6268490A5A10FBB686C86984D20DB94843BDC4624EF9651D158DCB5B660FC239C3C3E8D087EB5D23FFFB8C4681910CBC376148F0F0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="hu-hu" Language="1038" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] telep.t.</String>.. <String Id="Title">A(z) [WixBundleName] telep.t.s.hez Microsoft .NET-keretrendszer sz.ks.ges</String>.. <String Id="ConfirmCancelMessage">Biztosan megszak.tja?</String>.. <String Id="HelpHeader">A telep.t. s.g.ja</String>.. <String Id="HelpText">/passive \| /quiet - Minim.lis felhaszn.l.i fel.let megjelen.t.se k.rd.sek.. n.lk.l, illetve felhaszn.l.i fel.let .s k.rd.sek megjelen.t.se n.lk.li.. telep.t.s. Alapesetben a felhaszn.l.i fel.let .s minden k.rd.s megjelenik...../norestart - Az .jraind.t.si k.r.sek elrejt.se. Alapeset

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1040\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2304
Entropy (8bit):	4.985260685429469
Encrypted:	false
SSDEEP:	48:cxX7DQyT81ebRcesyB+lY25ukVpkXJM2DJNXhpXZoN3mMhNTM+POYO/n1YxXlcI5:8LFTzLtkfwWKXHZi37MIDp
MD5:	50261379B89457B1980FF19CFABE6A08
SHA1:	F80B1F416539D33206CE3C24BA3B14B799A84813
SHA-256:	A40C94EB33F8841C79E9F6958433AFFD517F97B4570F731666AF572E63178BB7
SHA-512:	BBD9794181EEC95D6BE7A1B7BA83FD61AF2B2DF61D9DA8DDA2788B61BEC53C30FCEFE5222EDF134166532B36D3AB6CE8996F2D670DC6907C1864AF881A21EA40
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="it-it" Language="1040" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework necessario per l'installazione di [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida dell'installazione</String>.. <String Id="HelpText">/passive \| /quiet - visualizza l'interfaccia utente minima senza istruzioni.. oppure non visualizza n. l'interfaccia utente n. le istruzioni. Per.. impostazione predefinita vengono visualizzate interfaccia utente e.. istruzioni...../norestart - elimina eventuali tentativi di riavvio. Per impostazione.. predefinita l'int

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1041\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2545
Entropy (8bit):	5.923292576429967
Encrypted:	false
SSDEEP:	48:cxX7DpcYT86WyscLpTIFw6tnOUjsj/D3NIgHcQN3mKN/WPOhT0SXsDay+z8QZEcE:8L1TccOFw6tnOUjsjpICnlOO934apWz
MD5:	DB0F5BAB42403FD67C0A18E35E6880EC
SHA1:	C0A18C8C5BCD7B88C384B5304B56EEB85A0DA3DC
SHA-256:	CCDCDB111EFA152C5F9FF4930033698B843390A549699AE802098D87431F16FE
SHA-512:	589522BD4A26BF54CCF3564E392E41BBBA4E7B3FD1ED74E7F4F6AD6F2E65CDE11FFF32D0C5F3BCD09052FE5110FDC361D1926E220FD0BAD2D38CAC21BBE93211
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="ja-jp" Language="1041" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ......</String>.. <String Id="Title">[WixBundleName] ........ Microsoft .NET Framework .....</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/passive \| /quiet - ... UI ....................UI.. .............. .....UI ....................../norestart - ........................

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1042\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2236
Entropy (8bit):	5.97627825234954
Encrypted:	false
SSDEEP:	48:cxX7D3sT8ZeusKOwOWGyKCstFmhENI2Y+kN3mp4iNmi6IPa0dDaoIunvZqIHU5UH:8LQTXvRFhIzl44wmgko04U5TY
MD5:	442F8463EF5CA42B99B2EFACA696BD01
SHA1:	67496DB91CBAA85AC0727B12FC2D35E990537DAC
SHA-256:	D22F6ADA97DBFFC1E7548E52163807F982B30B11A2A5109E71F42985102CCCBD
SHA-512:	A350EAF9E7AEAFAB1163D7C0B8D014AFE07EE98BAE3915CBDD3C26282E345A0838E853C89BAE8943474758DCBCFD0BB0724A0C75CBF969F321FAB4944E8704FD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="ko-kr" Language="1042" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ..</String>.. <String Id="Title">[WixBundleName] ... ... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/passive \| /quiet - ... .. .. UI. ..... UI. .... .... .... ..... ..... UI . .. .... ........../norestart - .. ..... ... ...... ..... UI. .. .... .. .... ......../log log.txt - .

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1043\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2312
Entropy (8bit):	4.965432037520827
Encrypted:	false
SSDEEP:	48:cxX7DK1T8u7hbU7Asd7MqpSwzCcHGFN9OsNN3mvoNBC7hPFtO7+xw7t0Yza2Al:8LcTtpGLFSwJHmPnnKhEBtsl
MD5:	67F28BCDB3BA6774CD66AA198B06FF38
SHA1:	85D843B7248A5E1173FF9BD59CB73BB505F69B66
SHA-256:	226B778604236931B4AE45F6F272586C884A11517444A34BF45CD5CAE49BE62E
SHA-512:	7BC7D3E6E19ECF865B2CABFC46C75D516561D5A8A81A8ED55B4EDBA41A13A7110F474473740200AFB035B9597A2511D08C2A2E7A9ADE2C2AB4D3F168944B8328
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="nl-nl" Language="1043" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Installatie</String>.. <String Id="Title">Microsoft .NET Framework is vereist voor installatie [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Weet u zeker dat u de installatie wilt annuleren?</String>.. <String Id="HelpHeader">Help bij Setup</String>.. <String Id="HelpText">/passive \| /quiet - geeft een minimale gebruikersinterface weer zonder prompts.. of geeft geen gebruikersinterface en geen prompts weer. Gebruikersinterface.. en alle prompts worden standaard weergegeven...../norestart - pogingen tot opnieuw opstarten onderdrukken... Gebruikersinterface vraagt standaard al

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1044\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2171
Entropy (8bit):	5.089922193759582
Encrypted:	false
SSDEEP:	48:cxX7DTeT8uUbnFdsLnFHv+Gpm1qL5DQNDDaoN3mpZfN15dPnfuOOg5wZ5uAq8fAS:8L+Tec1x8Siule4S
MD5:	5454F724C9CDAB8172678A1CC7057220
SHA1:	241A57018ACE1210881583A9CF646E7D2E51412F
SHA-256:	41545AC1247B61C3C3E2A7E4659D9FAD2BCCA8347C69F2EB7B9D0CF5FC31E113
SHA-512:	40E311EADA299996E32A7D35223CA678A03C869D63C023D59BC97A7B2049B0252AA9D0A7EC8558D5ACB73BD14C7BFA913097E65ABEE7455658DB7E35BBDA8AE1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="nb-no" Language="1044" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Installasjonsprogram</String>.. <String Id="Title">Microsoft .NET Framework kreves for [WixBundleName]-installasjon</String>.. <String Id="ConfirmCancelMessage">Er du sikker p. at du vil avbryte?</String>.. <String Id="HelpHeader">Installasjonshjelp</String>.. <String Id="HelpText">/passive \| /quiet - viser minimalt brukergrensesnitt uten ledetekster, eller.. ikke noe brukergrensesnitt og ingen ledetekster. Som standard vises.. brukergrensesnitt og alle ledetekster...../norestart - undertrykker alle fors.k p. omstart. Som standard sp.r.. brukergrensesnittet f.r omstart.../log log.txt

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1045\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2368
Entropy (8bit):	5.270514043715206
Encrypted:	false
SSDEEP:	48:cxX7Du4OT82gXusarwkfpYrKD8DTNkbNuoN3mjbsNniIPh8ynN1NYd4iYuffAL:8LKTsXgpYr2IyoiiOffpT3L
MD5:	96ACAAA5AEF7798E9048BAFF4C3FA8D3
SHA1:	E76629973F6C1CFC06F60BA64FE9F237B2DB9698
SHA-256:	F4AA983E39FB29C95E3306082F034B3A43E1D26489C997B8E6697B6A3B2F9F3C
SHA-512:	964F73E572BDCB1AD946C770E6A2FB4A1CE54AF4B5BB072F64256083BA27A223F4DAD4A95B9D2A646180806D1F977726147970B06AAC35EED75AEC6CA89ED337
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="pl-pl" Language="1045" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalator programu [WixBundleName]</String>.. <String Id="Title">Do zainstalowania programu [WixBundleName] jest wymagany program Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Pomoc instalatora</String>.. <String Id="HelpText">/passive \| /quiet - wy.wietla minimalny interfejs u.ytkownika bez monit.w.. lub nie wy.wietla interfejsu u.ytkownika ani monit.w. Domy.lnie jest.. wy.wietlany interfejs u.ytkownika i wszystkie monity...../norestart - pomija wszelkie pr.by ponownego uruchomienia. Domy.lnie.. interf

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1046\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2147
Entropy (8bit):	5.130635342194656
Encrypted:	false
SSDEEP:	48:cxX7DuoT85b0s/4TDoYDj4NF5j2hN3mMNYskPDXKIMaKcP9A5g:8L1TmBHjs59M8r6
MD5:	BD39ADB6B872163FD2D570028E9F3213
SHA1:	688B8A109688D3EA483548F29DE2E57A8A56C868
SHA-256:	ECB5C22E6C2423CAF07AEBE69F4FAF22450164EEE9587B64EF45A2D7F658CA15
SHA-512:	F2826BE203E767D09FF0D7677E1CF5B13113B773D529166DAE02A1F5DB2DC58E0856A34901DF70011EBABB6E964FAB7ACF38590E650BD629D4E4DC4CB36C8D45
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="pt-br" Language="1046" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">Microsoft .NET Framework . necess.rio para instala..o do [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/passive \| /quiet - exibe UI m.nima sem avisos ou exibe sem UI e.. sem avisos. Por padr.o a UI e todos avisos s.o exibidos...../norestart - suprime qualquer tentativa de reinicializa..o. Por padr.o a UI.. ir. solicitar antes de reiniciar.../log log.txt - logs para um arquivo espec.fico. Por padr.

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1049\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2880
Entropy (8bit):	5.408094213063887
Encrypted:	false
SSDEEP:	48:cxX7DkTT8fjtEeusogrohY2Ar7DHNnjTh53oN3miRMNKrdPin+/uYcbSkuEIcOvG:8LYT8EeHMMJRNi1Ruwi3OwL
MD5:	DAF167AF4031EF47E562056A7D51AA73
SHA1:	0156B230CADD6169AC2820865E3C031ED79785EF
SHA-256:	C91C9E87AB4A6DB078F1991F4A2CDC726B58A40E47BCE49D39168A8F8F151C3B
SHA-512:	5E87EE3838E3595ADBD7EABA6E3E33CDFEA5E15ED716FBCCDBD55235B3E53E1E41EA5A907F425E96C35167543C7F75AC5214B5AEE177D299FC2464A68B22851E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="ru-ru" Language="1049" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">......... [WixBundleName]</String>.. <String Id="Title">... ......... [WixBundleName] ......... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.. ............. ...... ........ ........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/passive \| /quiet - ........... ............ .. ... ........ ... ...... ... .. .. . ............ .. ......... ............ .. . ... ......

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1051\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2334
Entropy (8bit):	5.397882326481071
Encrypted:	false
SSDEEP:	48:cxX7D+cT8muPusz2qs1u+Vh1TqDINHZJoN3m8fN0vPp3OAwa2ywSODAm:8L1TuPdKNzfifFmcatm
MD5:	016C278E515F87F589AD22C856B201F7
SHA1:	F20C7DB38B3161B143DEC4E578CE71D7F585F436
SHA-256:	4A7FDF4A9033FE05C31F565ED3AE5B8C67D324B7AEADB737CE95DBB416D46868
SHA-512:	310C85B27E1ECF4C6729E88051037150CFBA0234A0138666C26662B3D665FF38B74E95ABCADDEEF6CBEBB23E3357FAC487E6EE5EB8FE158C269D77672191B042
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="sk-sk" Language="1051" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] . in.tal.cia</String>.. <String Id="Title">Na in.tal.ciu aplik.cie [WixBundleName] sa vy.aduje s..as. Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">Naozaj chcete zru.i. oper.ciu?</String>.. <String Id="HelpHeader">Pomocn.k pre in.tal.ciu</String>.. <String Id="HelpText">/passive \| /quiet . zobraz. minim.lne pou..vate.sk. rozhranie bez v.ziev alebo.. nezobraz. .iadne pou..vate.sk. rozhranie ani v.zvy. Predvolene sa.. zobrazuje pou..vate.sk. rozhranie aj v.etky v.zvy...../norestart . zru.. v.etky pokusy o re.tart. Pou..vate

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1053\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2132
Entropy (8bit):	5.1255014007111495
Encrypted:	false
SSDEEP:	48:cxX7DviT8NFLbu9sM2vECjf26axBZYXcqADCNKTbkoN3maT6NWOjEXPauOOKYnhf:8LmTAcRnQXFPK0iHMsfb2Ws3M
MD5:	D95E81164C57B6FD75E7C3022454192E
SHA1:	5D5ACBC56E7078AF4D04C45B78C0FF090C02EE6A
SHA-256:	6DD61CC6B87B53EAF28430068A2A459730FD4B2BCF876CCDF040212D04C4FE7D
SHA-512:	9E4BA81A145574818DD6A1F1D0EC38EA1629C7771919C35923F440E31EA9912E1630D94FCDB82B71104EBD61D0321DCDF935BA20D69988EE6E9B22259186AF0C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="sv-se" Language="1053" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName]-installation</String>.. <String Id="Title">Microsoft .NET Framework kr.vs f.r installation av [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Vill du avbryta?</String>.. <String Id="HelpHeader">Installationshj.lp</String>.. <String Id="HelpText">/passive \| /quiet - visar ett minimalt anv.ndargr.nssnitt utan prompter,.. alternativt inget anv.ndargr.nssnitt och inga prompter. Som standard visas.. anv.ndargr.nssnitt och samtliga prompter...../norestart - hejdar omstart. Som standard visar anv.ndargr.nssnittet en.. prompt f.re omstart.../log log.txt - skapar logg till

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1055\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2303
Entropy (8bit):	5.2754753523795275
Encrypted:	false
SSDEEP:	48:cxX7DNcYT8anOSMsHEqGpcBztpvrJlrs2ZmNI2+Yo6irN3m22NFcPc+4Trzrdgc7:8LZHTE7APaTI9sq6yEbgg
MD5:	01B200E06BA600A4EF00C00F7AAC5CE4
SHA1:	22234426C42637E069A46217019551E4434A4AB6
SHA-256:	06BFB6DFBC38105C699DEA226A029DF3EF673C33E4B8928DC4EC7FB8F761487D
SHA-512:	8BDCF7533A6BCFA231B42A7EF845A70C7535FBF607D62FF6404928D5941BA6AFBF139450A1A1B58C65FACF88DC0785AEC4ABEFBCC803466A58B1930F7C468CDD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="tr-tr" Language="1055" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName] kurulumu i.in Microsoft .NET Framework gerekir</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/passive \| /quiet - komut istemi olmayan olabildi.ince k...k bir UI.. g.r.nt.ler veya komut istemi ve UI g.r.nt.lemez. Varsay.lan olarak UI.. ve t.m komut istemleri g.r.nt.lenir...../norestart - yeniden ba.latma denemelerini engeller. Varsay.lan.. olarak UI yeniden ba.latmadan .nce komut isteyecekt

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\1060\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2200
Entropy (8bit):	5.1485120966265
Encrypted:	false
SSDEEP:	48:cxX7DZ0T8obZsw9g5gS56K97D7NCt2VoN3mQXNJPOhP58vqc1qwueo3RAL:8LyTLlS9h9hCtsihdxOh+NL
MD5:	5836F0C655BDD97093F68AAF69AB2BAB
SHA1:	B6842E816F9E0DCC559A5692E4D26101D10B4B16
SHA-256:	C015247D022BDC108B4FFCAE89CB55D1E313034D7E6EED18744C1BB55F108F8C
SHA-512:	640A79D6A756E591AD02DDCCC53BC43F855C5148B8CBB5CE6C1CAF5419CA02F7B2AFF89CCA4C056356814D3899EF79BF038B4E8B4B79EB85138A3CEDCCE93E5B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="sl-si" Language="1060" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Namestitev</String>.. <String Id="Title">Microsoft .NET Framework, potreben za namestitev paketa [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Ali ste prepri.ani, da .elite preklicati?</String>.. <String Id="HelpHeader">Pomo. za namestitev</String>.. <String Id="HelpText">/passive \| /quiet - prika.e minimalni uporabni.ki vmesnik brez pozivov ali ne prika.e.. uporabni.kega vmesnika in pozivov. Privzeto so prikazani uporabni.ki vmesnik in.. vsi pozivi...../norestart - skrije vse mo.nosti za vnovicni zagon. Privzeto uporabni.ki vmesnik.. prika.e poziv pred ponovnim zag

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\2052\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	1980
Entropy (8bit):	6.189594519053644
Encrypted:	false
SSDEEP:	48:cxX7DjQT8tOBousi+zq+frUR2ropNV2rfN3msNUqPPT9T+DwZ9f5wDTAV:8L4TGUGw3V8N3RykV
MD5:	A34DCF7771198C779648B89156483E83
SHA1:	A6E0FA91CD50048511C7BEF1BE3A8D32B42B6D1F
SHA-256:	89C559C6765F8D643469E3C8F4AA93023F09369B0395EA647FAD5AF3C2893EB6
SHA-512:	0F1D7BC4FD64E18EEEC488CDCE01FB6BFA5CD3BFF614A8D03E388D39F569B8341E74302946877EB25BA1EB17AEC137499189605E251FAFB6B20051744CB463B1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="zh-ch" Language="2052" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ..</String>.. <String Id="Title">[WixBundleName] .... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/passive \| /quiet - ..... UI .......... UI ... ........... UI ........../norestart - .............. UI ........../log log.txt - .............. %TEMP% ........</String>.. <String Id="HelpCloseButton"

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\2070\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2211
Entropy (8bit):	5.1155097909395035
Encrypted:	false
SSDEEP:	48:cxX7DbT8QGls54nK3znI5zKDj4NLkdoN3mMNYsEPbpK2Aegeu9A5g:8LXTUasJnYdi59som6
MD5:	8A278E519EF81B2847490EFB070219BC
SHA1:	7365EDF6E4F9E66B6CEE47933B6C70FF0B9ECFF8
SHA-256:	E2BFDB2CF3BEAE2E988827C52C58006D7EEAD4ABA5312B5EAE1F6CCF3863C385
SHA-512:	88275C1136FFB15AB04D315E8601BE2DE77387F3E00F17E9807E415A9DFC4A73E2CD3B5710E4CA58006F91E18180D7CFAEEF4E8319C624E1B81397F9CB9ECA92
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="pt-pt" Language="2070" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Configura..o do [WixBundleName]</String>.. <String Id="Title">O Microsoft .NET Framework . necess.rio para a configura..o do [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem a certeza de que pretende cancelar?</String>.. <String Id="HelpHeader">Ajuda da Configura..o</String>.. <String Id="HelpText">/passive \| /quiet - apresenta IU m.nima sem mensagens ou n.o apresenta IU nem.. mensagens. Por predefini..o, s.o apresentadas a IU e todas as mensagens...../norestart - suprimir qualquer tentativa de rein.cio. Por predefini..o, a IU.. avisar. antes de reiniciar.../log log.txt - r

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\3082\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2400
Entropy (8bit):	4.992567587099768
Encrypted:	false
SSDEEP:	48:cxX7DLT8/OusS2V8j4Lq+7dKzCLdqaaD6NJaXFoN3mRNLo3PWKWnRcsB9A8:8LfTz+8EPqKqTJiFikUgk8
MD5:	1024AA88AE01BC7BA797193CC6023375
SHA1:	9252A309C1CB32573F4D58A595A78660FDF54B2F
SHA-256:	B884C4ABB8867553C1FFADD6721C2135EC5F9F1455C3F668D711CCEA65363D1A
SHA-512:	77E6DD332104C0461B7C5A08469161AF3F1DC51D3B55585D39DD9FC9E2088DA036BDF2278CFB96CA702FD26CE073C6C6F66611313270700B9E7A76600C1C8E38
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="es-es" Language="3082" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">La instalaci.n de [WixBundleName] requiere Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar?</String>.. <String Id="HelpHeader">Ayuda del programa de instalaci.n</String>.. <String Id="HelpText">/passive \| /quiet - muestra una interfaz de usuario m.nima y no realiza.. preguntas, o bien no muestra interfaz de usuario y no realiza preguntas... De manera predeterminada se muestra la interfaz de usuario completa y se.. realizan todas las preguntas necesarias...../norestart - suprime cu

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperApplicationData.xml Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	7030
Entropy (8bit):	3.74663633154115
Encrypted:	false
SSDEEP:	96:XDXOn6hU1UeycptVkAn6W6lUhycJVwn62KqM0wwVycBgn65eItUUycxQtTUctY2d:XDeCN4xtOiwdKW/4IgqIWuLtbuhA9
MD5:	E171BE228AF33C1BD57068F1083FA737
SHA1:	1BBBAC452C274C1A3986FCB9BB41FA746DE0BDB1
SHA-256:	495298882A36EDA1545A57A9E0F74A050653705E879EF3BD1C078632F2C65189
SHA-512:	49416093ECBD5DFFB5FFCF725D8BCE7E704211FDC2D4DF5CACC2261E24B450DD3A0F00DAEF95DDE6AE95F5FCE6A00212A99E3E4757C7124F8C4144D70137F106
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.W.i.x.B.u.n.d.l.e.P.r.o.p.e.r.t.i.e.s. .D.i.s.p.l.a.y.N.a.m.e.=.".I.n.t.e.l... .D.r.i.v.e.r. .&.a.m.p.;. .S.u.p.p.o.r.t. .A.s.s.i.s.t.a.n.t.". .L.o.g.P.a.t.h.V.a.r.i.a.b.l.e.=.".W.i.x.B.u.n.d.l.e.L.o.g.". .C.o.m.p.r.e.s.s.e.d.=.".n.o.". .I.d.=.".{.a.2.5.f.f.3.1.6.-.2.5.3.4.-.4.b.5.3.-.9.4.f.c.-.8.0.c.3.d.e.a.a.d.b.f.4.}.". .U.p.g.r.a.d.e.C.o.d.e.=.".{.E.2.2.0.B.4.D.B.-.8.A.E.5.-.4.9.E.2.-.9.0.E.A.-.B.F.4.7.D.7.E.8.1.3.D.0.}.". .P.e.r.M.a.c.h.i.n.e.=.".y.e.s.". ./.>..... . .<.W.i.x.M.b.a.P.r.e.r.e.q.I.n.f.o.r.m.a.t.i.o.n. .P.a.c.k.a.g.e.I.d.=.".N.e.t.F.x.4.6.2.W.e.b.". .L.i.c.e.n.s.e.U.r.l.=.".h.t.t.p.s.:././.r.e.f.e.r.e.n.c.e.s.o.u.r.c.e...m.i.c.r.o.s.o.f.t...c.o.m./.l.i.c.e.n.s.e...h.t.m.l.

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperCommonUI.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	405408
Entropy (8bit):	5.467842729846682
Encrypted:	false
SSDEEP:	3072:HlCdEMrN5nVmjsdm7pCTDc+2VcW9BR/tj0ClvpqATHw9/HwGZCjWDb742mruj2l0:qEWN2jsqs/2T/NpfA/Hjm7Rj7C
MD5:	3A01F1DA65B67D64B55C686C362353EC
SHA1:	CA68772240C924DE368235C344C7232BD32EBC7F
SHA-256:	189E66A47216BC54538C7AEEEA5C704CB9F46469E61BD14C3F820605A3348B41
SHA-512:	93F4C54F5D99262E550FBC71B9E4210A3312DC6D8AAA9BE53EC2E1129D98FEBA8653DB3048A71DF9A0618336854CD24854F9965FA39AE2F949D2CAF32AD82E2D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....q(..........." ..0..............!... ...@....... ....................................`.................................=!..O....@...................%...`....... ..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................q!......H........j..............\...0............................................(....,..o....o....r...pr...po.....o....o....r...pr...po.......0..n.......r%..ps......o ...o!....+,.o"...r...po#...%-.&.+.o$...r...p(%...,....'.o&...-....,..o'.......,..o'......&.......(......8O..........P[..........gg.......0.......... .... ....((...r...po).....o......+a......o).......r%..po+...t........,+...,&....rI..p.o,...,...r...po+...u]......+....,...o'......X....i2....,..o'......&.....*...(..

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperCore.config Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	807
Entropy (8bit):	5.0651497965248105
Encrypted:	false
SSDEEP:	12:MMHd41Pd7lzc+TXYr+XFy9bWzc+TXYcXII3VymhsSlxDHIdFY9g3XmGmKUHfjDjL:Jd67RtYrx9itYhmhLxjYJ3WztrPO3I
MD5:	863B58845AE705F5153CF963A94FD802
SHA1:	1242BC75463BDD5E1FFA0FB285F95A648C90E021
SHA-256:	99386A342473E5442694EE565C187C604A0EFA1A514914DAE3E1790FB46F9AF2
SHA-512:	F0C0674D4A6FF00BFC50651954F1ED79CC04D6668B0DB9A87BB5AF868B18C42D494389FABFF8296B6DDC9EE5293AA5380433FF069C696BE6FDD2E9D35E2717B6
Malicious:	false
Preview:	.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <configSections>.. <sectionGroup name="wix.bootstrapper" type="Microsoft.Tools.WindowsInstallerXml.Bootstrapper.BootstrapperSectionGroup, BootstrapperCore">.. <section name="host" type="Microsoft.Tools.WindowsInstallerXml.Bootstrapper.HostSection, BootstrapperCore" />.. </sectionGroup>.. </configSections>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. See http://msdn.microsoft.com/en-us/library/vstudio/w4atty68%28v=vs.110%29.aspx -->.. <supportedRuntime version="v4.0" />.. </startup>.. <wix.bootstrapper>.. <host assemblyName="BootstrapperUpdateUI">.. <supportedFramework version="v4\Full" />.. <supportedFramework version="v4\Client" />.. </host>.. </wix.bootstrapper>..</configuration>

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperCore.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	90032
Entropy (8bit):	5.688550211341784
Encrypted:	false
SSDEEP:	768:9BgPxZlx0MBps+j7ejaab0Y6OwE7v10WHSp5fh06iG27N9k+6ybJ1ErEgtCmYjhm:HHMBp/GRbgi5ofpiG2pq+51EogsmYI
MD5:	B0D10A2A622A322788780E7A3CBB85F3
SHA1:	04D90B16FA7B47A545C1133D5C0CA9E490F54633
SHA-256:	F2C2B3CE2DF70A3206F3111391FFC7B791B32505FA97AEF22C0C2DBF6F3B0426
SHA-512:	62B0AA09234067E67969C5F785736D92CD7907F1F680A07F6B44A1CAF43BFEB2DF96F29034016F3345C4580C6C9BC1B04BEA932D06E53621DA4FCF7B8C0A489F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Mp.].........." ..0...... ........... ...@....... ..............................N.....@.................................`...O....@...............@.......`......(-............................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\BootstrapperUpdateUI.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38304
Entropy (8bit):	6.628279184018862
Encrypted:	false
SSDEEP:	768:kuUi5iFy3c6bY4m8WwLPSIKdVRlZKYun2f1beVDgp9E+8iROBS:Ui5iFy3bVWwLPSIWHlZdu8kMQ+8iAI
MD5:	137A753045660F7D59666CB220B83317
SHA1:	659FC454233F99FD61F6A1A09F8D84CFCE97FEE2
SHA-256:	12B1DD3ED5F6AFBCA7D30D1571F808002D5A8C714EE5BA4824E039F180FAF653
SHA-512:	31A5996F7CED3969BF4805CF1D110D8E55F3710B1B6CC58F07E82907202B9F729EAC66C81111FEA79B968FE96BE209E88EB31609E882B7D16223B3780D85225C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..f..........b.... ........... ..............................Ef....`.....................................O.......P............p...%..........\...8............................................ ............... ..H............text...hd... ...f.................. ..`.rsrc...P............h..............@..@.reloc...............n..............@..B................A.......H.......(0.../..........._..p#...........................................~............~............~............~............0...........(.....r...po....(....(.....(.......rQ..po...+}......{....s....(....}.....(....o ....(!......(".......(!......("....3..{....o#...($...rg..p(%...-.rg..p.(&...('...o(...o)...o*....s+....s,....(........(-...,f..(........E........0.......+H.(........(/....o0...+1.(........(/....o1...+..(........(/...(.....o2....!...(.....r}..p..o3...(4...

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\GalaSoft.MvvmLight.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	30208
Entropy (8bit):	5.480813210667336
Encrypted:	false
SSDEEP:	768:yQrLeg1z+o9LyepjivwvCGIzCGShkS6fF3xLAJs+d:tKExEJGB4fXLAL
MD5:	AF04687248DA9E95A7FF65AB538D0BCF
SHA1:	7511184300E2B6F70BC92333392386A812B2DABF
SHA-256:	B097FCA120A9E76FA870D82662BDD233ADBF08FC34A3C509F31CC5CED0AC1ECF
SHA-512:	A5EAB337F6386DE5FB2CC809730BAC7D17CDFB309AFEA32E65E9D8C457F97AC3E3F03CEBD48535CF253E28F3AA600F234631C2060EC59ACB917CB5F135F4B67A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....wZ.........." ..0..l............... ........... ..............................3....@.................................T...O.......h............................................................................ ............... ..H............text....j... ...l.................. ..`.rsrc...h............n..............@..@.reloc...............t..............@..B........................H.......@=..\K...........................................................0..)........{.........(....t......\|......(...+...3.....0..)........{.........(....t......\|......(...+...3...{........0..\........(....(......(....-G..o....->..+..o....(.......o....,...+..o.........(....3..-.r...p.s....z.0...........{......,....s....o.....0...........{....,..(...+..(....-...o......0..O........-.r'..ps....z.o ...u=...%-.rM..pr'..ps....zo!...u....%-.ro..pr'..ps....zo"....(#....q.....

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\de\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	40352
Entropy (8bit):	6.086629350591749
Encrypted:	false
SSDEEP:	768:kTeuSr5J7M/xSzQnI/rfl+FNnrJq/rff2adjVbeVDqdp9E+8iRO3ix:kTeuW5J702M/rJIyqEOdQ+8iA3ix
MD5:	479B248586467DC3643360AA49ADB81E
SHA1:	B01FC089CEF423A961BD9BF0F55776719C4CE098
SHA-256:	8D52CC7ECFEF824A77A465F89682AD3CF54B801CC525F43216AB8CED34C638BB
SHA-512:	8E345256CBFFB6C1F169107DB408828F8A33AF7301ABFEF0D6ED1D3AC989AFA8E864E6E15287AB11AA9F3762DC8B0BC2149FD356E3793ABA9D20159CCE130293
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....p............... ........... ....................................@....................................S....................x...%........................................................... ............... ..H............text...$n... ...p.................. ..`.rsrc................r..............@..@.reloc...............v..............@..B........................H.......p...X...........P ...j...........................................j.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\es\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38816
Entropy (8bit):	6.053856304423901
Encrypted:	false
SSDEEP:	768:tTSRibNqH1XCrJs0BBBnrPaObeVDap9E+8iROr:tTmiJuyl9rmjGQ+8iAr
MD5:	D47E273EB8741263F0F5F439594CA237
SHA1:	F70898C76733C4337C9CAB3E6B06CE5D0D7DE507
SHA-256:	8A5240DB1905DBC71D763B9E99383B44B2605A541F8B9A7BCB1C52FEE8B8E629
SHA-512:	40E6FAA2F3B0BB3D46F16BEFD42A74D47E94B237A3B1609CE1A3BCF919ECCBA5F54EA7FB1DADC68C65C7D4B036A86AEC21A9030E82F83C286F89C0C50F2AF0FF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....j............... ........... ..............................H.....@.................................H...S....................r...%........................................................... ............... ..H............text....h... ...j.................. ..`.rsrc................l..............@..@.reloc...............p..............@..B........................H...........X...........P ...d...........................................d.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\fr\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	39328
Entropy (8bit):	6.089412585212967
Encrypted:	false
SSDEEP:	768:nx2KD8g4jpHDfOP61PV+e9glnmB3WZ+nl4B1Pwk/miT1HgwbeVDap9E+8iROK:nUPBdfOP2V9MnmFnnYt/m8S9uQ+8iAK
MD5:	0D1090BFD28DD606F5D5E1D921AB30A5
SHA1:	5C57AA5434941C22D1A9FAC9A16378DFF66FCF6B
SHA-256:	DF4D970F7546A1F5947D0D5AAD5C7E2CBF65D08D61B8C5F4D855EB74A1C37E39
SHA-512:	55582F322EC0B099CF55CF4B71D2EA56131C0480890A4CF1FE845EC6A54A4944625297A3256B6E569E0EECAC0DD871D9C41C404FECFD36D1F52276E3C037F95C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....l.............. ........... ...............................)....@.....................................O....................t...%........................................................... ............... ..H............text....j... ...l.................. ..`.rsrc................n..............@..@.reloc...............r..............@..B.......................H.......D...X...........P ...f...........................................f.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\id\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38304
Entropy (8bit):	6.013168732922719
Encrypted:	false
SSDEEP:	768:UCwOw4YC6Yy/649XQYBwn5XKbeVD2p9E+8iROP:UCPnYD/R9otnKQ+8iAP
MD5:	AE246C76DC983BD7A2D991333306BFD5
SHA1:	FF3A17A16AD67C3C5CBBFD1C817868893CCDA4DB
SHA-256:	EF295A86B80666DCE11311E038E3037F167FA6289B849A0F5D5FD1395DB67B14
SHA-512:	FAA4A53D3FFC311AC4302ADA1F22A12C7FDED7558BD1BF94FC4A2A940ED4C9D47005C45E713745373B083E9223D43E54F4B19316E2E3DE76D5CEB993EBFBADD3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....h............... ........... ....................................@.....................................W....................p...%........................................................... ............... ..H............text....f... ...h.................. ..`.rsrc................j..............@..@.reloc...............n..............@..B........................H.......\...X...........P ...b...........................................b.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\it\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38816
Entropy (8bit):	6.022209665389889
Encrypted:	false
SSDEEP:	768:EyfpWp7JPytp3/dtRz3BNKdA/dtRzGuwBaNbeVDPp9E+8iROr:EyhoPytp3/zBydA/zBGuRcrQ+8iAr
MD5:	91A36BD2A42052F47B3FCB00D07B0C42
SHA1:	9692F75AEA3041EF2BE34BD58D7808DD5803598B
SHA-256:	B5E98E77F21C9A545999B93C69168268FDB373E71E31D37217A2C60EA57EE42C
SHA-512:	0017817753A3D84C061617DC82861D04E919B6B82DAF4C247D4913E30A0350C1EA195688FD96753BC053CDAF3CF9B8BB8299CC70EFC89A0BB1620233FFD335EC
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....j.............. ........... ....................................@.....................................S....................r...%........................................................... ............... ..H............text....h... ...j.................. ..`.rsrc................l..............@..@.reloc...............p..............@..B........................H.......0...X...........P ...d...........................................d.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\ja\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	43424
Entropy (8bit):	6.313289824466315
Encrypted:	false
SSDEEP:	384:8QgMPuUt+Gk/wHdbIO6ZykDSr+O3+yKO4LZyykDStmoZWQezQtsEX6zjVDw41G9Y:XFxqnSSCQ0QtbeVDop9E+8iROZ
MD5:	065EB041FE86F539EF2F9132A73444AA
SHA1:	7A4093FB71BA782E4BB42F5B9F5C1FD48A927B7D
SHA-256:	6538E633534F92052FEADF88201631EEE778417E96D321F4C52A16307C4B6C77
SHA-512:	48EB9CDE18CE8D6E9BDD84B0E5DDE76F38D0F5FF1659AE72F2377A115A3B35D14285F6E05C2BEEBED621F8FFFBD193CF46FFF10299C4062B2FBDB138BD94C997
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....\|............... ........... ...............................C....@.................................\...O........................%........................................................... ............... ..H............text....z... ...\|.................. ..`.rsrc................~..............@..@.reloc..............................@..B........................H...........X...........P ...v...........................................v.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\ko\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38816
Entropy (8bit):	6.498273961113996
Encrypted:	false
SSDEEP:	768:i4Ppg/V7jcTLe+uFVDsykFxrd99Z8tfHlbuFVoFiBprpXVJ28X2abeVDmp9E+8iW:iuE0PkVH4xrdGhkVs+prp836Q+8iAP
MD5:	DA0FC238D168F9679A97B854D167F52E
SHA1:	5B49A441120535412CC626D487139B0AABDC0C66
SHA-256:	931AE22FAD80F5571D0CB372EB3BC2247AC4AAEF6C959DAA21C8B1FC2686D394
SHA-512:	D443571F95273E7ECEADE0D25E3624792098A3B207D47269A1B7F41988E2F65DC399FDFFE8D9FF7E5F1BCB0AFE8DBBF9E0F0407786451AFC0F3EFBBBF211B6FE
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....j............... ........... ...................................@.................................L...O....................r...%........................................................... ............... ..H............text....h... ...j.................. ..`.rsrc................l..............@..@.reloc...............p..............@..B........................H..........X...........P ...d...........................................d.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\mbahost.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	122288
Entropy (8bit):	6.643662045821993
Encrypted:	false
SSDEEP:	3072:iyjfrCvv4JR5zsemsABCF0TPSLNegl/+b:xrrCYRsehsIX/E
MD5:	C59832217903CE88793A6C40888E3CAE
SHA1:	6D9FACABF41DCF53281897764D467696780623B8
SHA-256:	9DFA1BC5D2AB4C652304976978749141B8C312784B05CB577F338A0AA91330DB
SHA-512:	1B1F4CB2E3FA57CB481E28A967B19A6FEFA74F3C77A3F3214A6B09E11CEB20AE428D036929F000710B4EB24A2C57D5D7DFE39661D5A1F48EE69A02D83381D1A9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........v........................}.......\|..............................o..............2~......2~......2~q.............2~......Rich....................PE..L...Tp.]...........!.....&..........(>.......@.......................................;....@.....................................x......................................T...........................H...@............@...............................text....%.......&.................. ..`.rdata...s...@...t...*..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\mbapreq.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	188848
Entropy (8bit):	6.598346436496911
Encrypted:	false
SSDEEP:	3072:iaVVzf0r2vM357+pwnohBIiv8+2kt2GOTALPN2obXbE7PKPU9+Wxhsz7CMD:iaLzfpIsHhBIqgGOTALFdbz7f
MD5:	FE7E0BD53F52E6630473C31299A49FDD
SHA1:	F706F45768BFB95F4C96DFA0BE36DF57AA863898
SHA-256:	2BEA14D70943A42D344E09B7C9DE5562FA7E109946E1C615DD584DA30D06CC80
SHA-512:	FEED48286B1E182996A3664F0FACDF42AAE3692D3D938EA004350C85764DB7A0BEA996DFDDF7A77149C0D4B8B776FB544E8B1CE5E9944086A5B1ED6A8A239A3C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:v.O~.c.~.c.~.c....t.c......c....f.c.,.g.n.c.,.`.l.c.,.f.a.c.wo..z.c.wo..c.c.~.b.\|.c..~f.g.c..~c...c..~....c.~.....c..~a...c.Rich~.c.........PE..L...Yp.]...........!................................................................1.....@.........................`.......L...................................`.......T...........................H...@...............\............................text............................... ..`.rdata..2...........................@..@.data...............................@....rsrc...............................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\mbapreq.png Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	797
Entropy (8bit):	7.648767094164769
Encrypted:	false
SSDEEP:	12:6v/7rW3M/jDYAlFTzdvhKZ7e/cbp4/82UNb6MjmlKPNXheD1H0oJodqSXaTbutak:lQD1lldv8Z7g04/82Y6+Pxi19mDoqt5
MD5:	A356956FD269567B8F4612A33802637B
SHA1:	75AE41181581FD6376CA9CA88147011E48BF9A30
SHA-256:	A401A225ADDAF89110B4B0F6E8CF94779E7C0640BCDD2D670FFCF05AAB0DAD03
SHA-512:	A0F7836AEFA1747F481C116F6B085F503B5C09B3A1DD97CD2189F7CE4E6E7EA98F1F66503CBA2E6A83E873248CC7507328710DFA670AA5763DF8AEDCC560285E
Malicious:	false
Preview:	.PNG........IHDR...?...?.....W_......sRGB.........gAMA......a.....pHYs..........+......IDAThC./W.0....P(...Db+q8$.........J...-..8.e]._..;........Y... .Y....z\........{W\|..../q..<%.....C5...0....OrU....,..^........).....2.......i.Ge..T9T..}.7..J.......}..b...S.>.%y..Fc..j.X.....y."...e.U..M(ez....4\..C....u.......w..0..J.Wo."...mM.r.h..8..q..X..k!...j..xn...l...W`..r.+.R..J........c.T.}......cz..<43..@.c..rH...\|..V.....K.mN.........k....,..4OL..5..M.tm%=.U.t-7.w....k.R.....c...-].5~..]2..5...GA..[..={.5..].=(.$}.\.9..5...MWu..[#.....F..j.F...d...,..MWu.7..3......$.......G.t.....=;N<_:[......0.,1.y.\.Z.\|..%..>}...q.s....y.#p......!-.;.6!o.KO..E.6...........<..c..9_B....y....im...b...Xn.....)t9Q...........V.WMtP. .P..Z.&..KR.ac......IEND.B`.

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\mbapreq.thm Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3915
Entropy (8bit):	5.15881451198739
Encrypted:	false
SSDEEP:	48:cecHddpXBT2E/zPHWgtpmAPH8TSJmBP+NPHrM/O8YpQbFUuhJ3PK7usPH4Lr:wHdHxS4Z9UG4BmNjCOhpsB3PswP
MD5:	A20778EC90A094A62A6C3A6AB2A6DC7D
SHA1:	74C131B5FD80446FFDF2AFAD723762DD36621309
SHA-256:	F8C3A03F47F0B9B3C20F0522A2481DA28C77FECDBB302F8DD8FBED87758CBAEA
SHA-512:	47F34A9F416D223DCBF071E7292A05554AF3D27CDE67FC8C161C1BED564C6E7FC448C2F482E05F33149C782E09C681BD65730CA00CF9EC68B284128214B75529
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="mbapreq.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Height="96" FontId="1" Visible="yes" DisablePrefix="yes">#(loc.Title)</Text>.... <Page Name="Help">.. <Text X="11" Y="112" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.HelpHeader

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2464
Entropy (8bit):	5.076345322304751
Encrypted:	false
SSDEEP:	48:cxX7DxMT8dbCsK19Wqq8+JIDxN3Wm2WcN3miNlLPDHXsmkaYXfXQ2BmGA7b1fABP:8LuTY1xmmmTerNR0AT1O
MD5:	4D2C8D10C5DCCA6B938B71C8F02CA8A8
SHA1:	11577021465379E9D1FF4260E607149BA5DFA6B3
SHA-256:	C63DE5F309502F9272402587A6BE22624D1BC2FEACD1BD33FB11E44CD6614B96
SHA-512:	AE791C1F05821167F1D2E1D07DBF95FE7E72B35B3E4B1E22720006C7A672B1330B748414792392B0E806F111AA4EFC1C424F4479EBDE349E3F079792DBB3BF47
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">Microsoft .NET Framework required for [WixBundleName] setup</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/passive \| /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. By default a log file is created in %TEMP%.</String>.. <String Id="HelpClos

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\pl\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	40352
Entropy (8bit):	6.310354488283983
Encrypted:	false
SSDEEP:	768:mkPGCL2myUTHoA87E37dT02gul8owaSzK637oqowakgESD0bbeVDtAp9E+8iROg:mkP555T02g68o1wcqo1AquQ+8iAg
MD5:	FECBD2AF3B28B6BFD8E0F951DE617CF3
SHA1:	08905E709CC8936D52774418301B5EF33737E773
SHA-256:	5853A6EF29FD609F501E35D03E674F0448CDE46A079C2814F92BE4E3DDCE7FF2
SHA-512:	8E7967D72004A42B92C74CAD3AAE7E6A14FD982448285DDC0EC2CBF61037F7E80B6908FBC609C805E50803D550120CF6F09AB1A041C6B3FCBA6E9F752CDD6255
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....p..........^.... ........... ...............................R....@.....................................W....................x...%........................................................... ............... ..H............text...dn... ...p.................. ..`.rsrc................r..............@..@.reloc...............v..............@..B................@.......H...........X...........P ..Yj..........................................Uj.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\pt-BR\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	37280
Entropy (8bit):	6.145815174333101
Encrypted:	false
SSDEEP:	768:u3WKdhrdgMCc2HyiCeQDgefew10dNU7DbUgMfJ6gZjbeVD2p9E+8iRO4:u3VgFq0gayiQ+8iA4
MD5:	00630F6D925CA905343456825BB9F7C3
SHA1:	D1DC69D2E8CE513A0C4053A13F3E970640670853
SHA-256:	374B182B41FB62CE1CFF4F99B06CB7E402BE7758249ADD10CADC0E21BDC9E60C
SHA-512:	34380BA1C06DA88491FF89E6B6A597F47BE819978B9CF1326F5FB3F9D16CD8CDB6B3C29F1FDBEF6C1EA6EB465CC6E7EC909F6B5BA742E1FE08010A247BBA1FC1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....d.............. ........... ..............................Hn....@.....................................K....................l...%........................................................... ............... ..H............text....c... ...d.................. ..`.rsrc................f..............@..@.reloc...............j..............@..B........................H.......0...`...........P ..._..........................................._.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\ru\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	63904
Entropy (8bit):	5.39034467207354
Encrypted:	false
SSDEEP:	1536:Q69VHjqCcFekDExtBJsLZCUuA4+cDpf49bCfAHmFrExcLp+IpfFoTMvqPc33Q+8p:Q69VHjqCcFekoxtkZu/FA8fAHmFwxyjW
MD5:	5F4FF576D99D234ED748022E41AD86A1
SHA1:	7C3C33A1E5DABF1178CCC75F2EAD082F9578FE9C
SHA-256:	7C6FF924F38ECEFB8D4946855B569D61C145C8B7809E935089A18CF900B4F669
SHA-512:	566328543F4944761EAF83223700EDA0B958EFBA7B89E9213F8509BEAB228445502486E1CA87FE1D06569A7CC2F4F522C0E72D767380DE68AB2B41780EA61A20
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!................n.... ........... .......................@.......j....@................................. ...K........................%... ....................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................P.......H...........X...........P ..u...........................................q..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\th\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	68512
Entropy (8bit):	4.96373836759445
Encrypted:	false
SSDEEP:	1536:cfmOndidiE39wHV1+3sw95t43LdQ+8iAx:smOH11mZxYLCDx
MD5:	27E8AEE9C66C8B3940F27DE5F4ADCB04
SHA1:	2250D67F3FEB48DC054E981CA0AABD509031B6D0
SHA-256:	B69A30ABEC11B1DCDA489B533676B7401E12643276F5F331D54E3E186A5F7D23
SHA-512:	19FF3024A584653A57990E287E9A34463F63DE5CEEA517F8BB4DCB07E7326F373C81D53E87A7D47F2B7C55ED445836BD1E30A9203C7F3769ED4B385EF5BCF752
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!..................... ........... .......................@.......\|....@.................................P...K........................%... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........X...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\tr\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38816
Entropy (8bit):	6.280801304551641
Encrypted:	false
SSDEEP:	768:B7Gtq4XXYbKt7WimSjNolmKt7kvepbY7kq/XbeVDnMp9E+8iROa:B7GDiqWimw+lmqkvCbKOoQ+8iAa
MD5:	CAEFE10444EF2E702A5E6BDAEB1FFDC2
SHA1:	CD0BC746484E5ED24A29D9769F8C0B38D0C6F1B4
SHA-256:	5A9DDEBF290891DA45352B5D4328B1212C1F7E7812FCF89B656B860434F09D2A
SHA-512:	29B79B490EF6135A5F4EAF164590993C4FA1C1E494F7AA11EC6E33029A2530F227B182DD31353EB9F624055AFF8D2E24DA3B18E5647F0D74CD355E88E2F94EC4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....j............... ........... ....................................@.................................H...S....................r...%........................................................... ............... ..H............text....i... ...j.................. ..`.rsrc................l..............@..@.reloc...............p..............@..B........................H...........X...........P ...e...........................................e.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\vi\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	43936
Entropy (8bit):	6.370638365485673
Encrypted:	false
SSDEEP:	768:XfkrPatUhuHRPyagewmNX0sxTWDeC2lmHKyam4j+08YyObbbeVDjpp9E+8iROj:XfgaWhuHaewm9DMv2cHf4q5Y7qRQ+8iq
MD5:	9B01B273FD50CAE6C40DB985A4888CBB
SHA1:	2B721FD934AE295ADB13232B4DB53DD81A47DFE5
SHA-256:	BF74806443370E9BE2026E8A2D45BF420B98F6896E691A833DACCC6FBD17F840
SHA-512:	2B73E1A3E5FF5835CB4B17D0D10C222696E0188EDFC014A9EADC4B73CF819226BA71E3DB769AC1B865AE9585E9A16AB0EDF86ECC713589FA71729B64DC74CB81
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....~.............. ........... ...............................3....@.....................................K........................%........................................................... ............... ..H............text....}... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B........................H.......(...X...........P ...y...........................................y.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\zh-CN\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32672
Entropy (8bit):	6.910853627790309
Encrypted:	false
SSDEEP:	768:9cZb7f0iXxpRCKamnypO/MceFqmbeVDVFp9E+8iROL:9cRffXx1ybctb3Q+8iAL
MD5:	4877E86A1734F542A7D8CB9D40A584BA
SHA1:	C7CC6EDE71D17B9D953FFC69D759E0421249EA1C
SHA-256:	8B87FE546AF95FFA73FE512C973475E31826C74B49E37DDB9D6A30F7B610247F
SHA-512:	B2D8D09055006032C57B27F52C36EE8744DF1901ADBD80BEDD4B9D4B491AD7F6E9D93F6CF3B9015767CE10AE091A86EE2C6C18FD0EE01D56EC8666DB382A1C8E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....R...........p... ........... ....................................@..................................p..K....................Z...%........................................................... ............... ..H............text....P... ...R.................. ..`.rsrc................T..............@..@.reloc...............X..............@..B.................p......H....... m..`...........P ...L...........................................L.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{87114B36-9774-410D-8627-266E6CF8BB54}\.ba\zh-TW\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	33184
Entropy (8bit):	6.934296312564666
Encrypted:	false
SSDEEP:	768:BzEQ8R47KwynxXCFuKCfKvu2oFPc8WJgl6tdse9pHc2ClkcbeVDlAp9E+8iROC:BzEQ8kKJnxXWuKCyYGglbOFJhCQ+8iAC
MD5:	CD994FC793CB0EBAE2A5756CC0261E8D
SHA1:	2FC580C96C054F8E9DA9AB6140384609C1A8DA8B
SHA-256:	DF020E0934BDCB62431ABA18CC755BC0E498DAFABEB1C149BBAD7BA7CD7BD987
SHA-512:	88308AA92BD8871B023D9A0AD93A99123F139FECA8A350EBFE25871FC29B71C6D00717598D2E5BE3065D3DE3BF912A6794AF15FA4464B7C03F30150AAD12EABC
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....T...........r... ........... ...............................,....@..................................r..K....................\...%........................................................... ............... ..H............text....R... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................r......H.......@o..`...........P ...N...........................................N.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1028\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2025
Entropy (8bit):	6.231406644010833
Encrypted:	false
SSDEEP:	48:cxX7DTAT8tMBCus9T3FVWmHdniarRFeOrw8Nhv2VyfN3mKNWFP44SBWWW1GyfiPq:8L4T2RJhfHP8+VYuTmQUc2mE
MD5:	1D4B831F77EFEC96FFBC70BC4B59B8B5
SHA1:	1B3ED82655AEC8A52DAEC60F8674BC7E07F8CFEB
SHA-256:	1B93556F07C35AC0564D57E0743CCBA231950962C6506C8D4A74A31CD66FD04C
SHA-512:	C6CCB188281F161DEBF02DCDDE24B77D8D14943DEED8852E77E5AFB18F3F62683AB1AE06DCEB1E09D53804A76DF6400A360712D8E7E228B7F971054BB4FB2496
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="zh-tw" Language="1028" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName] ...... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/passive \| /quiet - ...... UI ............ UI ... ........... UI ........../norestart - ................UI ............./log log.txt - ............ %TEMP% ......</String>.. <Stri

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1029\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2458
Entropy (8bit):	5.36165936198009
Encrypted:	false
SSDEEP:	48:cxX7DTZT8u9cktosM6re4mSTcIIyfI7sh/DMNwIHWAoN3mepNRfKPnWZ0hqAQZfC:8LxTK23f33AwIViRrRynRuZfiMS
MD5:	CC8C6D04DC707B38E0F0C08BA16FE49B
SHA1:	95EA7F570677AEA52393D02FDB21CEBB218A7343
SHA-256:	DC445E2457ED31ABF536871F90FF7CC96800A40B6BC033F37D45E3156A3B4FA9
SHA-512:	A4B19EBC8BB0D88ABA7D3D5783E28F8B6E0960582A540059BC71076B1203BF43BCA15EA726272D15395C7B4E431046ADA1CBB9D55072BBC5DBE7729C4599F0E0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="cs-cz" Language="1029" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalace produktu [WixBundleName]</String>.. <String Id="Title">Pro instalaci produktu [WixBundleName] je vy.adov.no rozhran. Microsoft .NET Framework.</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da k instalaci</String>.. <String Id="HelpText">/passive \| /quiet - Zobraz. minim.ln. u.ivatelsk. rozhran. bez jak.chkoli.. v.zev, nebo nezobraz. ..dn. u.ivatelsk. rozhran. ani ..dn. v.zvy. Ve v.choz.m.. nastaven. se jak u.ivatelsk. rozhran., tak i v.echny v.zvy zobrazuj....../norestart - Potla.. jak.koli p

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1030\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2286
Entropy (8bit):	5.061915970731254
Encrypted:	false
SSDEEP:	48:cxX7DCrT81tbzjamsjFq7LhzqGgdRDJNbqoN3mpN+ELPnfyOwYxPyzraXnAF:8LaTOkaEOiGd/BwF
MD5:	7C6E4CE87870B3B5E71D3EF4555500F8
SHA1:	E831E8978A48BEAFA04AAD52A564B7EADED4311D
SHA-256:	CAC263E0E90A4087446A290055257B1C39F17E11F065598CB2286DF4332C7696
SHA-512:	2A02415A3E5F073F4530FD87C97B685D95B8C0E1B15EFD185CC5CB046FCF1D0DCE28DB9889AD52588B96FE01841A7A61F6B7D6D2F669EAB10A8926C46B8E93D1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="da-dk" Language="1030" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installation af [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework skal v.re installeret i forbindelse med Installationen af [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Er du sikker p., at du vil annullere?</String>.. <String Id="HelpHeader">Hj.lp til installation</String>.. <String Id="HelpText">/passive \| /quiet - viser en minimal brugergr.nseflade uden prompter eller.. viser ingen brugergr.nseflade og ingen prompter... Brugergr.nsefladen og alle prompter vises som standard...../norestart - skjuler fors.g p. genstart. Der vises som standard en.. foresp.rgse

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1031\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2442
Entropy (8bit):	5.094465051245675
Encrypted:	false
SSDEEP:	48:cxX7DASTcCwit/soJy9hkVByUZN+29N3mfN65PS9CvZwZi7uuASD:8LxT8itGeVB97+gyC9BdaSD
MD5:	C8E7E0B4E63B3076047B7F49C76D56E1
SHA1:	4E44E656A0D552B2FFD65911CB45245364E5DBF3
SHA-256:	631D46CB048FB6CF0B9A1362F8E5A1854C46E9525A0260C7841A04B2316C8295
SHA-512:	FD7E8896F9414F0DB7A88F926F55EE24E0591DA676F330200BC6BB829EB32648D90D3094E0011BFE36C7BA8BE41DFD74B12D444AFEA0D2866801258DA4FA16E8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="de-de" Language="1031" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <UI Control="InstallButton" Width="180" />.. .. <String Id="Caption">[WixBundleName]-Setup</String>.. <String Id="Title">F.r das [WixBundleName]-Setup ist Microsoft .NET Framework erforderlich.</String>.. <String Id="ConfirmCancelMessage">Sind Sie sicher, dass Sie den Vorgang abbrechen m.chten?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/passive \| /quiet - zeigt eine minimale Benutzeroberfl.che ohne.. Eingabeaufforderungen oder keine Benutzeroberfl.che und keine.. Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und.. alle Eingabeaufforderungen angezeigt...../no

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1032\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3400
Entropy (8bit):	5.279888750092028
Encrypted:	false
SSDEEP:	48:cxX7D8jVT8dUk9Ug/usOo2pNSBIbESvR2drdESPzghC76DeN2hL0eLoN3mOLSNIx:8L45TCyop5riGzH7xgJit8IqSsBwqk
MD5:	074D5921AF07E6126049CB45814246ED
SHA1:	91D4BDDA8D2B703879CFE2C28550E0A46074FA57
SHA-256:	B8E90E20EDF110AAAAEA54FBC8533872831777BE5589E380CFDD17E1F93147B5
SHA-512:	28DAC36516BCC76BCC598C6E7ABDE359695F85AB7A830D6ADBC844EB240D9FA372CB5A5CE4DBE21E250408C6B246D371D3CDD656D2178FB0EC22DAC7D39CBD9F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="el-gr" Language="1032" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">........... ... [WixBundleName]</String>.. <String Id="Title">... ... ........... ... [WixBundleName] .......... .. Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">..... ....... ... ...... .. ..... .......;</String>.. <String Id="HelpHeader">....... ... ... ...........</String>.. <String Id="HelpText">/passive \| /quiet - ......... ........ ........... ... ............. .......... ...... ..... ........ . ... ..

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1035\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2235
Entropy (8bit):	5.142592159444541
Encrypted:	false
SSDEEP:	48:cxX7DE+T8Z+bm5snwETMAoQEATN27uNBDReq4N3mJeNHNP64NsFKJJem4vyAs:8LZTDkZ7+2IBCht6J8neHs
MD5:	E338408F1101499EB22507A3451F7B06
SHA1:	83B42F9D7307265A108FC339D0460D36B66A8B94
SHA-256:	B7D9528F29761C82C3D926EFE5E0D5036A0E0D83EB4CCA7282846C86A9D6F9F3
SHA-512:	F7BE923DC2856E0941D0669E2DE5A5C307C98DC7EBA0A1B68728EB29C95B4625145C2AD3AC6F6B6D82F062887EA349E2187F1F91785DDE5A5083BC1150E56326
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="fi-fi" Language="1035" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] -asennus</String>.. <String Id="Title">Microsoft .NET Framework tarvitaan [WixBundleName] -asennusta varten</String>.. <String Id="ConfirmCancelMessage">Haluatko varmasti peruuttaa?</String>.. <String Id="HelpHeader">Asennusohjelman ohje</String>.. <String Id="HelpText">/passive \| /quiet - n.ytt.. mahdollisimman v.h.n k.ytt.liittym.st.; ei.. kehotteita tai ei k.ytt.liittym.. ja kehotteita. Oletusarvoisesti.. k.ytt.liittym. ja kaikki kehotteet n.ytet..n...../norestart - est.. uudelleenk.ynnistysyritykset. Oletusarvoisesti.. k.ytt.liittym. kysyy ennen uudelleenk.yn

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1036\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2306
Entropy (8bit):	5.076293283609686
Encrypted:	false
SSDEEP:	48:cxX7DyBT81BbKBswAL1xV1wjRcDSNwDXoN3mSZfNhkLPkQpznsdMEodAY:8LwTK5KHsijmEXY
MD5:	AA32A059AADD42431F7837CB1BE7257F
SHA1:	4CD21661E341080FB8C2DEFD9F32F134561FC3BA
SHA-256:	88E7DDACD6B714D94D5322876BD50051479B7A0C686DC2E9EB06B3B7A0BC06C9
SHA-512:	78E201F369E65535E25722DFC0EFE99EDF641F7C14EFF1526DC1CC047FF11640079F1E3D25C9072CF25F4804195891BE006FC5ED313063AFCB91FB5700120B88
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="fr-fr" Language="1036" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework requis pour l'installation de [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.tes-vous s.r de vouloir annuler.?</String>.. <String Id="HelpHeader">Aide de l'installation</String>.. <String Id="HelpText">/passive \| /quiet - affiche une interface minimale sans invites ou n'affiche.. aucune interface ni aucune invite. Par d.faut, l'interface et toutes les.. invites sont affich.es...../norestart - annule toute tentative de red.marrage. Par d.faut, l'interface.. affiche une invite avant de red.marrer..

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1038\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2392
Entropy (8bit):	5.293225307744296
Encrypted:	false
SSDEEP:	48:cxX7DwzT8cSwvs48mF7GD/g1v0wH7N3wwJxL99oN3m/ZNRUYPBZRT1XESW3o/ULG:8LQT2wpFGbgT3wMN2QRj/y/LKr
MD5:	17FB605A2F02DA203DF06F714D1CC6DE
SHA1:	3A71D13D4CCA06116B111625C90DD1C451EA9228
SHA-256:	55CF62D54EFB79801A9D94B24B3C9BA221C2465417A068950D40A67C52BA66EF
SHA-512:	D05008D37143A1CC031F4B6268490A5A10FBB686C86984D20DB94843BDC4624EF9651D158DCB5B660FC239C3C3E8D087EB5D23FFFB8C4681910CBC376148F0F0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="hu-hu" Language="1038" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] telep.t.</String>.. <String Id="Title">A(z) [WixBundleName] telep.t.s.hez Microsoft .NET-keretrendszer sz.ks.ges</String>.. <String Id="ConfirmCancelMessage">Biztosan megszak.tja?</String>.. <String Id="HelpHeader">A telep.t. s.g.ja</String>.. <String Id="HelpText">/passive \| /quiet - Minim.lis felhaszn.l.i fel.let megjelen.t.se k.rd.sek.. n.lk.l, illetve felhaszn.l.i fel.let .s k.rd.sek megjelen.t.se n.lk.li.. telep.t.s. Alapesetben a felhaszn.l.i fel.let .s minden k.rd.s megjelenik...../norestart - Az .jraind.t.si k.r.sek elrejt.se. Alapeset

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1040\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2304
Entropy (8bit):	4.985260685429469
Encrypted:	false
SSDEEP:	48:cxX7DQyT81ebRcesyB+lY25ukVpkXJM2DJNXhpXZoN3mMhNTM+POYO/n1YxXlcI5:8LFTzLtkfwWKXHZi37MIDp
MD5:	50261379B89457B1980FF19CFABE6A08
SHA1:	F80B1F416539D33206CE3C24BA3B14B799A84813
SHA-256:	A40C94EB33F8841C79E9F6958433AFFD517F97B4570F731666AF572E63178BB7
SHA-512:	BBD9794181EEC95D6BE7A1B7BA83FD61AF2B2DF61D9DA8DDA2788B61BEC53C30FCEFE5222EDF134166532B36D3AB6CE8996F2D670DC6907C1864AF881A21EA40
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="it-it" Language="1040" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework necessario per l'installazione di [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida dell'installazione</String>.. <String Id="HelpText">/passive \| /quiet - visualizza l'interfaccia utente minima senza istruzioni.. oppure non visualizza n. l'interfaccia utente n. le istruzioni. Per.. impostazione predefinita vengono visualizzate interfaccia utente e.. istruzioni...../norestart - elimina eventuali tentativi di riavvio. Per impostazione.. predefinita l'int

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1041\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2545
Entropy (8bit):	5.923292576429967
Encrypted:	false
SSDEEP:	48:cxX7DpcYT86WyscLpTIFw6tnOUjsj/D3NIgHcQN3mKN/WPOhT0SXsDay+z8QZEcE:8L1TccOFw6tnOUjsjpICnlOO934apWz
MD5:	DB0F5BAB42403FD67C0A18E35E6880EC
SHA1:	C0A18C8C5BCD7B88C384B5304B56EEB85A0DA3DC
SHA-256:	CCDCDB111EFA152C5F9FF4930033698B843390A549699AE802098D87431F16FE
SHA-512:	589522BD4A26BF54CCF3564E392E41BBBA4E7B3FD1ED74E7F4F6AD6F2E65CDE11FFF32D0C5F3BCD09052FE5110FDC361D1926E220FD0BAD2D38CAC21BBE93211
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="ja-jp" Language="1041" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ......</String>.. <String Id="Title">[WixBundleName] ........ Microsoft .NET Framework .....</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/passive \| /quiet - ... UI ....................UI.. .............. .....UI ....................../norestart - ........................

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1042\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2236
Entropy (8bit):	5.97627825234954
Encrypted:	false
SSDEEP:	48:cxX7D3sT8ZeusKOwOWGyKCstFmhENI2Y+kN3mp4iNmi6IPa0dDaoIunvZqIHU5UH:8LQTXvRFhIzl44wmgko04U5TY
MD5:	442F8463EF5CA42B99B2EFACA696BD01
SHA1:	67496DB91CBAA85AC0727B12FC2D35E990537DAC
SHA-256:	D22F6ADA97DBFFC1E7548E52163807F982B30B11A2A5109E71F42985102CCCBD
SHA-512:	A350EAF9E7AEAFAB1163D7C0B8D014AFE07EE98BAE3915CBDD3C26282E345A0838E853C89BAE8943474758DCBCFD0BB0724A0C75CBF969F321FAB4944E8704FD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="ko-kr" Language="1042" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ..</String>.. <String Id="Title">[WixBundleName] ... ... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/passive \| /quiet - ... .. .. UI. ..... UI. .... .... .... ..... ..... UI . .. .... ........../norestart - .. ..... ... ...... ..... UI. .. .... .. .... ......../log log.txt - .

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1043\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2312
Entropy (8bit):	4.965432037520827
Encrypted:	false
SSDEEP:	48:cxX7DK1T8u7hbU7Asd7MqpSwzCcHGFN9OsNN3mvoNBC7hPFtO7+xw7t0Yza2Al:8LcTtpGLFSwJHmPnnKhEBtsl
MD5:	67F28BCDB3BA6774CD66AA198B06FF38
SHA1:	85D843B7248A5E1173FF9BD59CB73BB505F69B66
SHA-256:	226B778604236931B4AE45F6F272586C884A11517444A34BF45CD5CAE49BE62E
SHA-512:	7BC7D3E6E19ECF865B2CABFC46C75D516561D5A8A81A8ED55B4EDBA41A13A7110F474473740200AFB035B9597A2511D08C2A2E7A9ADE2C2AB4D3F168944B8328
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="nl-nl" Language="1043" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Installatie</String>.. <String Id="Title">Microsoft .NET Framework is vereist voor installatie [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Weet u zeker dat u de installatie wilt annuleren?</String>.. <String Id="HelpHeader">Help bij Setup</String>.. <String Id="HelpText">/passive \| /quiet - geeft een minimale gebruikersinterface weer zonder prompts.. of geeft geen gebruikersinterface en geen prompts weer. Gebruikersinterface.. en alle prompts worden standaard weergegeven...../norestart - pogingen tot opnieuw opstarten onderdrukken... Gebruikersinterface vraagt standaard al

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1044\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2171
Entropy (8bit):	5.089922193759582
Encrypted:	false
SSDEEP:	48:cxX7DTeT8uUbnFdsLnFHv+Gpm1qL5DQNDDaoN3mpZfN15dPnfuOOg5wZ5uAq8fAS:8L+Tec1x8Siule4S
MD5:	5454F724C9CDAB8172678A1CC7057220
SHA1:	241A57018ACE1210881583A9CF646E7D2E51412F
SHA-256:	41545AC1247B61C3C3E2A7E4659D9FAD2BCCA8347C69F2EB7B9D0CF5FC31E113
SHA-512:	40E311EADA299996E32A7D35223CA678A03C869D63C023D59BC97A7B2049B0252AA9D0A7EC8558D5ACB73BD14C7BFA913097E65ABEE7455658DB7E35BBDA8AE1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="nb-no" Language="1044" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Installasjonsprogram</String>.. <String Id="Title">Microsoft .NET Framework kreves for [WixBundleName]-installasjon</String>.. <String Id="ConfirmCancelMessage">Er du sikker p. at du vil avbryte?</String>.. <String Id="HelpHeader">Installasjonshjelp</String>.. <String Id="HelpText">/passive \| /quiet - viser minimalt brukergrensesnitt uten ledetekster, eller.. ikke noe brukergrensesnitt og ingen ledetekster. Som standard vises.. brukergrensesnitt og alle ledetekster...../norestart - undertrykker alle fors.k p. omstart. Som standard sp.r.. brukergrensesnittet f.r omstart.../log log.txt

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1045\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2368
Entropy (8bit):	5.270514043715206
Encrypted:	false
SSDEEP:	48:cxX7Du4OT82gXusarwkfpYrKD8DTNkbNuoN3mjbsNniIPh8ynN1NYd4iYuffAL:8LKTsXgpYr2IyoiiOffpT3L
MD5:	96ACAAA5AEF7798E9048BAFF4C3FA8D3
SHA1:	E76629973F6C1CFC06F60BA64FE9F237B2DB9698
SHA-256:	F4AA983E39FB29C95E3306082F034B3A43E1D26489C997B8E6697B6A3B2F9F3C
SHA-512:	964F73E572BDCB1AD946C770E6A2FB4A1CE54AF4B5BB072F64256083BA27A223F4DAD4A95B9D2A646180806D1F977726147970B06AAC35EED75AEC6CA89ED337
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="pl-pl" Language="1045" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalator programu [WixBundleName]</String>.. <String Id="Title">Do zainstalowania programu [WixBundleName] jest wymagany program Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Pomoc instalatora</String>.. <String Id="HelpText">/passive \| /quiet - wy.wietla minimalny interfejs u.ytkownika bez monit.w.. lub nie wy.wietla interfejsu u.ytkownika ani monit.w. Domy.lnie jest.. wy.wietlany interfejs u.ytkownika i wszystkie monity...../norestart - pomija wszelkie pr.by ponownego uruchomienia. Domy.lnie.. interf

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1046\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2147
Entropy (8bit):	5.130635342194656
Encrypted:	false
SSDEEP:	48:cxX7DuoT85b0s/4TDoYDj4NF5j2hN3mMNYskPDXKIMaKcP9A5g:8L1TmBHjs59M8r6
MD5:	BD39ADB6B872163FD2D570028E9F3213
SHA1:	688B8A109688D3EA483548F29DE2E57A8A56C868
SHA-256:	ECB5C22E6C2423CAF07AEBE69F4FAF22450164EEE9587B64EF45A2D7F658CA15
SHA-512:	F2826BE203E767D09FF0D7677E1CF5B13113B773D529166DAE02A1F5DB2DC58E0856A34901DF70011EBABB6E964FAB7ACF38590E650BD629D4E4DC4CB36C8D45
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="pt-br" Language="1046" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">Microsoft .NET Framework . necess.rio para instala..o do [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/passive \| /quiet - exibe UI m.nima sem avisos ou exibe sem UI e.. sem avisos. Por padr.o a UI e todos avisos s.o exibidos...../norestart - suprime qualquer tentativa de reinicializa..o. Por padr.o a UI.. ir. solicitar antes de reiniciar.../log log.txt - logs para um arquivo espec.fico. Por padr.

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1049\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2880
Entropy (8bit):	5.408094213063887
Encrypted:	false
SSDEEP:	48:cxX7DkTT8fjtEeusogrohY2Ar7DHNnjTh53oN3miRMNKrdPin+/uYcbSkuEIcOvG:8LYT8EeHMMJRNi1Ruwi3OwL
MD5:	DAF167AF4031EF47E562056A7D51AA73
SHA1:	0156B230CADD6169AC2820865E3C031ED79785EF
SHA-256:	C91C9E87AB4A6DB078F1991F4A2CDC726B58A40E47BCE49D39168A8F8F151C3B
SHA-512:	5E87EE3838E3595ADBD7EABA6E3E33CDFEA5E15ED716FBCCDBD55235B3E53E1E41EA5A907F425E96C35167543C7F75AC5214B5AEE177D299FC2464A68B22851E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="ru-ru" Language="1049" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">......... [WixBundleName]</String>.. <String Id="Title">... ......... [WixBundleName] ......... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.. ............. ...... ........ ........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/passive \| /quiet - ........... ............ .. ... ........ ... ...... ... .. .. . ............ .. ......... ............ .. . ... ......

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1051\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2334
Entropy (8bit):	5.397882326481071
Encrypted:	false
SSDEEP:	48:cxX7D+cT8muPusz2qs1u+Vh1TqDINHZJoN3m8fN0vPp3OAwa2ywSODAm:8L1TuPdKNzfifFmcatm
MD5:	016C278E515F87F589AD22C856B201F7
SHA1:	F20C7DB38B3161B143DEC4E578CE71D7F585F436
SHA-256:	4A7FDF4A9033FE05C31F565ED3AE5B8C67D324B7AEADB737CE95DBB416D46868
SHA-512:	310C85B27E1ECF4C6729E88051037150CFBA0234A0138666C26662B3D665FF38B74E95ABCADDEEF6CBEBB23E3357FAC487E6EE5EB8FE158C269D77672191B042
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="sk-sk" Language="1051" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] . in.tal.cia</String>.. <String Id="Title">Na in.tal.ciu aplik.cie [WixBundleName] sa vy.aduje s..as. Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">Naozaj chcete zru.i. oper.ciu?</String>.. <String Id="HelpHeader">Pomocn.k pre in.tal.ciu</String>.. <String Id="HelpText">/passive \| /quiet . zobraz. minim.lne pou..vate.sk. rozhranie bez v.ziev alebo.. nezobraz. .iadne pou..vate.sk. rozhranie ani v.zvy. Predvolene sa.. zobrazuje pou..vate.sk. rozhranie aj v.etky v.zvy...../norestart . zru.. v.etky pokusy o re.tart. Pou..vate

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1053\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2132
Entropy (8bit):	5.1255014007111495
Encrypted:	false
SSDEEP:	48:cxX7DviT8NFLbu9sM2vECjf26axBZYXcqADCNKTbkoN3maT6NWOjEXPauOOKYnhf:8LmTAcRnQXFPK0iHMsfb2Ws3M
MD5:	D95E81164C57B6FD75E7C3022454192E
SHA1:	5D5ACBC56E7078AF4D04C45B78C0FF090C02EE6A
SHA-256:	6DD61CC6B87B53EAF28430068A2A459730FD4B2BCF876CCDF040212D04C4FE7D
SHA-512:	9E4BA81A145574818DD6A1F1D0EC38EA1629C7771919C35923F440E31EA9912E1630D94FCDB82B71104EBD61D0321DCDF935BA20D69988EE6E9B22259186AF0C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="sv-se" Language="1053" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName]-installation</String>.. <String Id="Title">Microsoft .NET Framework kr.vs f.r installation av [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Vill du avbryta?</String>.. <String Id="HelpHeader">Installationshj.lp</String>.. <String Id="HelpText">/passive \| /quiet - visar ett minimalt anv.ndargr.nssnitt utan prompter,.. alternativt inget anv.ndargr.nssnitt och inga prompter. Som standard visas.. anv.ndargr.nssnitt och samtliga prompter...../norestart - hejdar omstart. Som standard visar anv.ndargr.nssnittet en.. prompt f.re omstart.../log log.txt - skapar logg till

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1055\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2303
Entropy (8bit):	5.2754753523795275
Encrypted:	false
SSDEEP:	48:cxX7DNcYT8anOSMsHEqGpcBztpvrJlrs2ZmNI2+Yo6irN3m22NFcPc+4Trzrdgc7:8LZHTE7APaTI9sq6yEbgg
MD5:	01B200E06BA600A4EF00C00F7AAC5CE4
SHA1:	22234426C42637E069A46217019551E4434A4AB6
SHA-256:	06BFB6DFBC38105C699DEA226A029DF3EF673C33E4B8928DC4EC7FB8F761487D
SHA-512:	8BDCF7533A6BCFA231B42A7EF845A70C7535FBF607D62FF6404928D5941BA6AFBF139450A1A1B58C65FACF88DC0785AEC4ABEFBCC803466A58B1930F7C468CDD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="tr-tr" Language="1055" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName] kurulumu i.in Microsoft .NET Framework gerekir</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/passive \| /quiet - komut istemi olmayan olabildi.ince k...k bir UI.. g.r.nt.ler veya komut istemi ve UI g.r.nt.lemez. Varsay.lan olarak UI.. ve t.m komut istemleri g.r.nt.lenir...../norestart - yeniden ba.latma denemelerini engeller. Varsay.lan.. olarak UI yeniden ba.latmadan .nce komut isteyecekt

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\1060\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2200
Entropy (8bit):	5.1485120966265
Encrypted:	false
SSDEEP:	48:cxX7DZ0T8obZsw9g5gS56K97D7NCt2VoN3mQXNJPOhP58vqc1qwueo3RAL:8LyTLlS9h9hCtsihdxOh+NL
MD5:	5836F0C655BDD97093F68AAF69AB2BAB
SHA1:	B6842E816F9E0DCC559A5692E4D26101D10B4B16
SHA-256:	C015247D022BDC108B4FFCAE89CB55D1E313034D7E6EED18744C1BB55F108F8C
SHA-512:	640A79D6A756E591AD02DDCCC53BC43F855C5148B8CBB5CE6C1CAF5419CA02F7B2AFF89CCA4C056356814D3899EF79BF038B4E8B4B79EB85138A3CEDCCE93E5B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="sl-si" Language="1060" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Namestitev</String>.. <String Id="Title">Microsoft .NET Framework, potreben za namestitev paketa [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Ali ste prepri.ani, da .elite preklicati?</String>.. <String Id="HelpHeader">Pomo. za namestitev</String>.. <String Id="HelpText">/passive \| /quiet - prika.e minimalni uporabni.ki vmesnik brez pozivov ali ne prika.e.. uporabni.kega vmesnika in pozivov. Privzeto so prikazani uporabni.ki vmesnik in.. vsi pozivi...../norestart - skrije vse mo.nosti za vnovicni zagon. Privzeto uporabni.ki vmesnik.. prika.e poziv pred ponovnim zag

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\2052\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	1980
Entropy (8bit):	6.189594519053644
Encrypted:	false
SSDEEP:	48:cxX7DjQT8tOBousi+zq+frUR2ropNV2rfN3msNUqPPT9T+DwZ9f5wDTAV:8L4TGUGw3V8N3RykV
MD5:	A34DCF7771198C779648B89156483E83
SHA1:	A6E0FA91CD50048511C7BEF1BE3A8D32B42B6D1F
SHA-256:	89C559C6765F8D643469E3C8F4AA93023F09369B0395EA647FAD5AF3C2893EB6
SHA-512:	0F1D7BC4FD64E18EEEC488CDCE01FB6BFA5CD3BFF614A8D03E388D39F569B8341E74302946877EB25BA1EB17AEC137499189605E251FAFB6B20051744CB463B1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="zh-ch" Language="2052" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ..</String>.. <String Id="Title">[WixBundleName] .... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/passive \| /quiet - ..... UI .......... UI ... ........... UI ........../norestart - .............. UI ........../log log.txt - .............. %TEMP% ........</String>.. <String Id="HelpCloseButton"

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\2070\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2211
Entropy (8bit):	5.1155097909395035
Encrypted:	false
SSDEEP:	48:cxX7DbT8QGls54nK3znI5zKDj4NLkdoN3mMNYsEPbpK2Aegeu9A5g:8LXTUasJnYdi59som6
MD5:	8A278E519EF81B2847490EFB070219BC
SHA1:	7365EDF6E4F9E66B6CEE47933B6C70FF0B9ECFF8
SHA-256:	E2BFDB2CF3BEAE2E988827C52C58006D7EEAD4ABA5312B5EAE1F6CCF3863C385
SHA-512:	88275C1136FFB15AB04D315E8601BE2DE77387F3E00F17E9807E415A9DFC4A73E2CD3B5710E4CA58006F91E18180D7CFAEEF4E8319C624E1B81397F9CB9ECA92
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="pt-pt" Language="2070" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Configura..o do [WixBundleName]</String>.. <String Id="Title">O Microsoft .NET Framework . necess.rio para a configura..o do [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem a certeza de que pretende cancelar?</String>.. <String Id="HelpHeader">Ajuda da Configura..o</String>.. <String Id="HelpText">/passive \| /quiet - apresenta IU m.nima sem mensagens ou n.o apresenta IU nem.. mensagens. Por predefini..o, s.o apresentadas a IU e todas as mensagens...../norestart - suprimir qualquer tentativa de rein.cio. Por predefini..o, a IU.. avisar. antes de reiniciar.../log log.txt - r

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\3082\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2400
Entropy (8bit):	4.992567587099768
Encrypted:	false
SSDEEP:	48:cxX7DLT8/OusS2V8j4Lq+7dKzCLdqaaD6NJaXFoN3mRNLo3PWKWnRcsB9A8:8LfTz+8EPqKqTJiFikUgk8
MD5:	1024AA88AE01BC7BA797193CC6023375
SHA1:	9252A309C1CB32573F4D58A595A78660FDF54B2F
SHA-256:	B884C4ABB8867553C1FFADD6721C2135EC5F9F1455C3F668D711CCEA65363D1A
SHA-512:	77E6DD332104C0461B7C5A08469161AF3F1DC51D3B55585D39DD9FC9E2088DA036BDF2278CFB96CA702FD26CE073C6C6F66611313270700B9E7A76600C1C8E38
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="es-es" Language="3082" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">La instalaci.n de [WixBundleName] requiere Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar?</String>.. <String Id="HelpHeader">Ayuda del programa de instalaci.n</String>.. <String Id="HelpText">/passive \| /quiet - muestra una interfaz de usuario m.nima y no realiza.. preguntas, o bien no muestra interfaz de usuario y no realiza preguntas... De manera predeterminada se muestra la interfaz de usuario completa y se.. realizan todas las preguntas necesarias...../norestart - suprime cu

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperApplicationData.xml Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	7030
Entropy (8bit):	3.74663633154115
Encrypted:	false
SSDEEP:	96:XDXOn6hU1UeycptVkAn6W6lUhycJVwn62KqM0wwVycBgn65eItUUycxQtTUctY2d:XDeCN4xtOiwdKW/4IgqIWuLtbuhA9
MD5:	E171BE228AF33C1BD57068F1083FA737
SHA1:	1BBBAC452C274C1A3986FCB9BB41FA746DE0BDB1
SHA-256:	495298882A36EDA1545A57A9E0F74A050653705E879EF3BD1C078632F2C65189
SHA-512:	49416093ECBD5DFFB5FFCF725D8BCE7E704211FDC2D4DF5CACC2261E24B450DD3A0F00DAEF95DDE6AE95F5FCE6A00212A99E3E4757C7124F8C4144D70137F106
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.W.i.x.B.u.n.d.l.e.P.r.o.p.e.r.t.i.e.s. .D.i.s.p.l.a.y.N.a.m.e.=.".I.n.t.e.l... .D.r.i.v.e.r. .&.a.m.p.;. .S.u.p.p.o.r.t. .A.s.s.i.s.t.a.n.t.". .L.o.g.P.a.t.h.V.a.r.i.a.b.l.e.=.".W.i.x.B.u.n.d.l.e.L.o.g.". .C.o.m.p.r.e.s.s.e.d.=.".n.o.". .I.d.=.".{.a.2.5.f.f.3.1.6.-.2.5.3.4.-.4.b.5.3.-.9.4.f.c.-.8.0.c.3.d.e.a.a.d.b.f.4.}.". .U.p.g.r.a.d.e.C.o.d.e.=.".{.E.2.2.0.B.4.D.B.-.8.A.E.5.-.4.9.E.2.-.9.0.E.A.-.B.F.4.7.D.7.E.8.1.3.D.0.}.". .P.e.r.M.a.c.h.i.n.e.=.".y.e.s.". ./.>..... . .<.W.i.x.M.b.a.P.r.e.r.e.q.I.n.f.o.r.m.a.t.i.o.n. .P.a.c.k.a.g.e.I.d.=.".N.e.t.F.x.4.6.2.W.e.b.". .L.i.c.e.n.s.e.U.r.l.=.".h.t.t.p.s.:././.r.e.f.e.r.e.n.c.e.s.o.u.r.c.e...m.i.c.r.o.s.o.f.t...c.o.m./.l.i.c.e.n.s.e...h.t.m.l.

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperCommonUI.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	405408
Entropy (8bit):	5.467842729846682
Encrypted:	false
SSDEEP:	3072:HlCdEMrN5nVmjsdm7pCTDc+2VcW9BR/tj0ClvpqATHw9/HwGZCjWDb742mruj2l0:qEWN2jsqs/2T/NpfA/Hjm7Rj7C
MD5:	3A01F1DA65B67D64B55C686C362353EC
SHA1:	CA68772240C924DE368235C344C7232BD32EBC7F
SHA-256:	189E66A47216BC54538C7AEEEA5C704CB9F46469E61BD14C3F820605A3348B41
SHA-512:	93F4C54F5D99262E550FBC71B9E4210A3312DC6D8AAA9BE53EC2E1129D98FEBA8653DB3048A71DF9A0618336854CD24854F9965FA39AE2F949D2CAF32AD82E2D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....q(..........." ..0..............!... ...@....... ....................................`.................................=!..O....@...................%...`....... ..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................q!......H........j..............\...0............................................(....,..o....o....r...pr...po.....o....o....r...pr...po.......0..n.......r%..ps......o ...o!....+,.o"...r...po#...%-.&.+.o$...r...p(%...,....'.o&...-....,..o'.......,..o'......&.......(......8O..........P[..........gg.......0.......... .... ....((...r...po).....o......+a......o).......r%..po+...t........,+...,&....rI..p.o,...,...r...po+...u]......+....,...o'......X....i2....,..o'......&.....*...(..

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperCore.config Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	807
Entropy (8bit):	5.0651497965248105
Encrypted:	false
SSDEEP:	12:MMHd41Pd7lzc+TXYr+XFy9bWzc+TXYcXII3VymhsSlxDHIdFY9g3XmGmKUHfjDjL:Jd67RtYrx9itYhmhLxjYJ3WztrPO3I
MD5:	863B58845AE705F5153CF963A94FD802
SHA1:	1242BC75463BDD5E1FFA0FB285F95A648C90E021
SHA-256:	99386A342473E5442694EE565C187C604A0EFA1A514914DAE3E1790FB46F9AF2
SHA-512:	F0C0674D4A6FF00BFC50651954F1ED79CC04D6668B0DB9A87BB5AF868B18C42D494389FABFF8296B6DDC9EE5293AA5380433FF069C696BE6FDD2E9D35E2717B6
Malicious:	false
Preview:	.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <configSections>.. <sectionGroup name="wix.bootstrapper" type="Microsoft.Tools.WindowsInstallerXml.Bootstrapper.BootstrapperSectionGroup, BootstrapperCore">.. <section name="host" type="Microsoft.Tools.WindowsInstallerXml.Bootstrapper.HostSection, BootstrapperCore" />.. </sectionGroup>.. </configSections>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. See http://msdn.microsoft.com/en-us/library/vstudio/w4atty68%28v=vs.110%29.aspx -->.. <supportedRuntime version="v4.0" />.. </startup>.. <wix.bootstrapper>.. <host assemblyName="BootstrapperUpdateUI">.. <supportedFramework version="v4\Full" />.. <supportedFramework version="v4\Client" />.. </host>.. </wix.bootstrapper>..</configuration>

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperCore.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	90032
Entropy (8bit):	5.688550211341784
Encrypted:	false
SSDEEP:	768:9BgPxZlx0MBps+j7ejaab0Y6OwE7v10WHSp5fh06iG27N9k+6ybJ1ErEgtCmYjhm:HHMBp/GRbgi5ofpiG2pq+51EogsmYI
MD5:	B0D10A2A622A322788780E7A3CBB85F3
SHA1:	04D90B16FA7B47A545C1133D5C0CA9E490F54633
SHA-256:	F2C2B3CE2DF70A3206F3111391FFC7B791B32505FA97AEF22C0C2DBF6F3B0426
SHA-512:	62B0AA09234067E67969C5F785736D92CD7907F1F680A07F6B44A1CAF43BFEB2DF96F29034016F3345C4580C6C9BC1B04BEA932D06E53621DA4FCF7B8C0A489F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Mp.].........." ..0...... ........... ...@....... ..............................N.....@.................................`...O....@...............@.......`......(-............................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\BootstrapperUpdateUI.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38304
Entropy (8bit):	6.628279184018862
Encrypted:	false
SSDEEP:	768:kuUi5iFy3c6bY4m8WwLPSIKdVRlZKYun2f1beVDgp9E+8iROBS:Ui5iFy3bVWwLPSIWHlZdu8kMQ+8iAI
MD5:	137A753045660F7D59666CB220B83317
SHA1:	659FC454233F99FD61F6A1A09F8D84CFCE97FEE2
SHA-256:	12B1DD3ED5F6AFBCA7D30D1571F808002D5A8C714EE5BA4824E039F180FAF653
SHA-512:	31A5996F7CED3969BF4805CF1D110D8E55F3710B1B6CC58F07E82907202B9F729EAC66C81111FEA79B968FE96BE209E88EB31609E882B7D16223B3780D85225C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..f..........b.... ........... ..............................Ef....`.....................................O.......P............p...%..........\...8............................................ ............... ..H............text...hd... ...f.................. ..`.rsrc...P............h..............@..@.reloc...............n..............@..B................A.......H.......(0.../..........._..p#...........................................~............~............~............~............0...........(.....r...po....(....(.....(.......rQ..po...+}......{....s....(....}.....(....o ....(!......(".......(!......("....3..{....o#...($...rg..p(%...-.rg..p.(&...('...o(...o)...o*....s+....s,....(........(-...,f..(........E........0.......+H.(........(/....o0...+1.(........(/....o1...+..(........(/...(.....o2....!...(.....r}..p..o3...(4...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\GalaSoft.MvvmLight.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	30208
Entropy (8bit):	5.480813210667336
Encrypted:	false
SSDEEP:	768:yQrLeg1z+o9LyepjivwvCGIzCGShkS6fF3xLAJs+d:tKExEJGB4fXLAL
MD5:	AF04687248DA9E95A7FF65AB538D0BCF
SHA1:	7511184300E2B6F70BC92333392386A812B2DABF
SHA-256:	B097FCA120A9E76FA870D82662BDD233ADBF08FC34A3C509F31CC5CED0AC1ECF
SHA-512:	A5EAB337F6386DE5FB2CC809730BAC7D17CDFB309AFEA32E65E9D8C457F97AC3E3F03CEBD48535CF253E28F3AA600F234631C2060EC59ACB917CB5F135F4B67A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....wZ.........." ..0..l............... ........... ..............................3....@.................................T...O.......h............................................................................ ............... ..H............text....j... ...l.................. ..`.rsrc...h............n..............@..@.reloc...............t..............@..B........................H.......@=..\K...........................................................0..)........{.........(....t......\|......(...+...3.....0..)........{.........(....t......\|......(...+...3...{........0..\........(....(......(....-G..o....->..+..o....(.......o....,...+..o.........(....3..-.r...p.s....z.0...........{......,....s....o.....0...........{....,..(...+..(....-...o......0..O........-.r'..ps....z.o ...u=...%-.rM..pr'..ps....zo!...u....%-.ro..pr'..ps....zo"....(#....q.....

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\de\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	40352
Entropy (8bit):	6.086629350591749
Encrypted:	false
SSDEEP:	768:kTeuSr5J7M/xSzQnI/rfl+FNnrJq/rff2adjVbeVDqdp9E+8iRO3ix:kTeuW5J702M/rJIyqEOdQ+8iA3ix
MD5:	479B248586467DC3643360AA49ADB81E
SHA1:	B01FC089CEF423A961BD9BF0F55776719C4CE098
SHA-256:	8D52CC7ECFEF824A77A465F89682AD3CF54B801CC525F43216AB8CED34C638BB
SHA-512:	8E345256CBFFB6C1F169107DB408828F8A33AF7301ABFEF0D6ED1D3AC989AFA8E864E6E15287AB11AA9F3762DC8B0BC2149FD356E3793ABA9D20159CCE130293
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....p............... ........... ....................................@....................................S....................x...%........................................................... ............... ..H............text...$n... ...p.................. ..`.rsrc................r..............@..@.reloc...............v..............@..B........................H.......p...X...........P ...j...........................................j.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\es\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38816
Entropy (8bit):	6.053856304423901
Encrypted:	false
SSDEEP:	768:tTSRibNqH1XCrJs0BBBnrPaObeVDap9E+8iROr:tTmiJuyl9rmjGQ+8iAr
MD5:	D47E273EB8741263F0F5F439594CA237
SHA1:	F70898C76733C4337C9CAB3E6B06CE5D0D7DE507
SHA-256:	8A5240DB1905DBC71D763B9E99383B44B2605A541F8B9A7BCB1C52FEE8B8E629
SHA-512:	40E6FAA2F3B0BB3D46F16BEFD42A74D47E94B237A3B1609CE1A3BCF919ECCBA5F54EA7FB1DADC68C65C7D4B036A86AEC21A9030E82F83C286F89C0C50F2AF0FF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....j............... ........... ..............................H.....@.................................H...S....................r...%........................................................... ............... ..H............text....h... ...j.................. ..`.rsrc................l..............@..@.reloc...............p..............@..B........................H...........X...........P ...d...........................................d.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\fr\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	39328
Entropy (8bit):	6.089412585212967
Encrypted:	false
SSDEEP:	768:nx2KD8g4jpHDfOP61PV+e9glnmB3WZ+nl4B1Pwk/miT1HgwbeVDap9E+8iROK:nUPBdfOP2V9MnmFnnYt/m8S9uQ+8iAK
MD5:	0D1090BFD28DD606F5D5E1D921AB30A5
SHA1:	5C57AA5434941C22D1A9FAC9A16378DFF66FCF6B
SHA-256:	DF4D970F7546A1F5947D0D5AAD5C7E2CBF65D08D61B8C5F4D855EB74A1C37E39
SHA-512:	55582F322EC0B099CF55CF4B71D2EA56131C0480890A4CF1FE845EC6A54A4944625297A3256B6E569E0EECAC0DD871D9C41C404FECFD36D1F52276E3C037F95C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....l.............. ........... ...............................)....@.....................................O....................t...%........................................................... ............... ..H............text....j... ...l.................. ..`.rsrc................n..............@..@.reloc...............r..............@..B.......................H.......D...X...........P ...f...........................................f.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\id\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38304
Entropy (8bit):	6.013168732922719
Encrypted:	false
SSDEEP:	768:UCwOw4YC6Yy/649XQYBwn5XKbeVD2p9E+8iROP:UCPnYD/R9otnKQ+8iAP
MD5:	AE246C76DC983BD7A2D991333306BFD5
SHA1:	FF3A17A16AD67C3C5CBBFD1C817868893CCDA4DB
SHA-256:	EF295A86B80666DCE11311E038E3037F167FA6289B849A0F5D5FD1395DB67B14
SHA-512:	FAA4A53D3FFC311AC4302ADA1F22A12C7FDED7558BD1BF94FC4A2A940ED4C9D47005C45E713745373B083E9223D43E54F4B19316E2E3DE76D5CEB993EBFBADD3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....h............... ........... ....................................@.....................................W....................p...%........................................................... ............... ..H............text....f... ...h.................. ..`.rsrc................j..............@..@.reloc...............n..............@..B........................H.......\...X...........P ...b...........................................b.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\it\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38816
Entropy (8bit):	6.022209665389889
Encrypted:	false
SSDEEP:	768:EyfpWp7JPytp3/dtRz3BNKdA/dtRzGuwBaNbeVDPp9E+8iROr:EyhoPytp3/zBydA/zBGuRcrQ+8iAr
MD5:	91A36BD2A42052F47B3FCB00D07B0C42
SHA1:	9692F75AEA3041EF2BE34BD58D7808DD5803598B
SHA-256:	B5E98E77F21C9A545999B93C69168268FDB373E71E31D37217A2C60EA57EE42C
SHA-512:	0017817753A3D84C061617DC82861D04E919B6B82DAF4C247D4913E30A0350C1EA195688FD96753BC053CDAF3CF9B8BB8299CC70EFC89A0BB1620233FFD335EC
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....j.............. ........... ....................................@.....................................S....................r...%........................................................... ............... ..H............text....h... ...j.................. ..`.rsrc................l..............@..@.reloc...............p..............@..B........................H.......0...X...........P ...d...........................................d.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\ja\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	43424
Entropy (8bit):	6.313289824466315
Encrypted:	false
SSDEEP:	384:8QgMPuUt+Gk/wHdbIO6ZykDSr+O3+yKO4LZyykDStmoZWQezQtsEX6zjVDw41G9Y:XFxqnSSCQ0QtbeVDop9E+8iROZ
MD5:	065EB041FE86F539EF2F9132A73444AA
SHA1:	7A4093FB71BA782E4BB42F5B9F5C1FD48A927B7D
SHA-256:	6538E633534F92052FEADF88201631EEE778417E96D321F4C52A16307C4B6C77
SHA-512:	48EB9CDE18CE8D6E9BDD84B0E5DDE76F38D0F5FF1659AE72F2377A115A3B35D14285F6E05C2BEEBED621F8FFFBD193CF46FFF10299C4062B2FBDB138BD94C997
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....\|............... ........... ...............................C....@.................................\...O........................%........................................................... ............... ..H............text....z... ...\|.................. ..`.rsrc................~..............@..@.reloc..............................@..B........................H...........X...........P ...v...........................................v.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\ko\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38816
Entropy (8bit):	6.498273961113996
Encrypted:	false
SSDEEP:	768:i4Ppg/V7jcTLe+uFVDsykFxrd99Z8tfHlbuFVoFiBprpXVJ28X2abeVDmp9E+8iW:iuE0PkVH4xrdGhkVs+prp836Q+8iAP
MD5:	DA0FC238D168F9679A97B854D167F52E
SHA1:	5B49A441120535412CC626D487139B0AABDC0C66
SHA-256:	931AE22FAD80F5571D0CB372EB3BC2247AC4AAEF6C959DAA21C8B1FC2686D394
SHA-512:	D443571F95273E7ECEADE0D25E3624792098A3B207D47269A1B7F41988E2F65DC399FDFFE8D9FF7E5F1BCB0AFE8DBBF9E0F0407786451AFC0F3EFBBBF211B6FE
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....j............... ........... ...................................@.................................L...O....................r...%........................................................... ............... ..H............text....h... ...j.................. ..`.rsrc................l..............@..@.reloc...............p..............@..B........................H..........X...........P ...d...........................................d.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\mbahost.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	122288
Entropy (8bit):	6.643662045821993
Encrypted:	false
SSDEEP:	3072:iyjfrCvv4JR5zsemsABCF0TPSLNegl/+b:xrrCYRsehsIX/E
MD5:	C59832217903CE88793A6C40888E3CAE
SHA1:	6D9FACABF41DCF53281897764D467696780623B8
SHA-256:	9DFA1BC5D2AB4C652304976978749141B8C312784B05CB577F338A0AA91330DB
SHA-512:	1B1F4CB2E3FA57CB481E28A967B19A6FEFA74F3C77A3F3214A6B09E11CEB20AE428D036929F000710B4EB24A2C57D5D7DFE39661D5A1F48EE69A02D83381D1A9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........v........................}.......\|..............................o..............2~......2~......2~q.............2~......Rich....................PE..L...Tp.]...........!.....&..........(>.......@.......................................;....@.....................................x......................................T...........................H...@............@...............................text....%.......&.................. ..`.rdata...s...@...t...*..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\mbapreq.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	188848
Entropy (8bit):	6.598346436496911
Encrypted:	false
SSDEEP:	3072:iaVVzf0r2vM357+pwnohBIiv8+2kt2GOTALPN2obXbE7PKPU9+Wxhsz7CMD:iaLzfpIsHhBIqgGOTALFdbz7f
MD5:	FE7E0BD53F52E6630473C31299A49FDD
SHA1:	F706F45768BFB95F4C96DFA0BE36DF57AA863898
SHA-256:	2BEA14D70943A42D344E09B7C9DE5562FA7E109946E1C615DD584DA30D06CC80
SHA-512:	FEED48286B1E182996A3664F0FACDF42AAE3692D3D938EA004350C85764DB7A0BEA996DFDDF7A77149C0D4B8B776FB544E8B1CE5E9944086A5B1ED6A8A239A3C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:v.O~.c.~.c.~.c....t.c......c....f.c.,.g.n.c.,.`.l.c.,.f.a.c.wo..z.c.wo..c.c.~.b.\|.c..~f.g.c..~c...c..~....c.~.....c..~a...c.Rich~.c.........PE..L...Yp.]...........!................................................................1.....@.........................`.......L...................................`.......T...........................H...@...............\............................text............................... ..`.rdata..2...........................@..@.data...............................@....rsrc...............................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\mbapreq.png Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	797
Entropy (8bit):	7.648767094164769
Encrypted:	false
SSDEEP:	12:6v/7rW3M/jDYAlFTzdvhKZ7e/cbp4/82UNb6MjmlKPNXheD1H0oJodqSXaTbutak:lQD1lldv8Z7g04/82Y6+Pxi19mDoqt5
MD5:	A356956FD269567B8F4612A33802637B
SHA1:	75AE41181581FD6376CA9CA88147011E48BF9A30
SHA-256:	A401A225ADDAF89110B4B0F6E8CF94779E7C0640BCDD2D670FFCF05AAB0DAD03
SHA-512:	A0F7836AEFA1747F481C116F6B085F503B5C09B3A1DD97CD2189F7CE4E6E7EA98F1F66503CBA2E6A83E873248CC7507328710DFA670AA5763DF8AEDCC560285E
Malicious:	false
Preview:	.PNG........IHDR...?...?.....W_......sRGB.........gAMA......a.....pHYs..........+......IDAThC./W.0....P(...Db+q8$.........J...-..8.e]._..;........Y... .Y....z\........{W\|..../q..<%.....C5...0....OrU....,..^........).....2.......i.Ge..T9T..}.7..J.......}..b...S.>.%y..Fc..j.X.....y."...e.U..M(ez....4\..C....u.......w..0..J.Wo."...mM.r.h..8..q..X..k!...j..xn...l...W`..r.+.R..J........c.T.}......cz..<43..@.c..rH...\|..V.....K.mN.........k....,..4OL..5..M.tm%=.U.t-7.w....k.R.....c...-].5~..]2..5...GA..[..={.5..].=(.$}.\.9..5...MWu..[#.....F..j.F...d...,..MWu.7..3......$.......G.t.....=;N<_:[......0.,1.y.\.Z.\|..%..>}...q.s....y.#p......!-.;.6!o.KO..E.6...........<..c..9_B....y....im...b...Xn.....)t9Q...........V.WMtP. .P..Z.&..KR.ac......IEND.B`.

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\mbapreq.thm Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3915
Entropy (8bit):	5.15881451198739
Encrypted:	false
SSDEEP:	48:cecHddpXBT2E/zPHWgtpmAPH8TSJmBP+NPHrM/O8YpQbFUuhJ3PK7usPH4Lr:wHdHxS4Z9UG4BmNjCOhpsB3PswP
MD5:	A20778EC90A094A62A6C3A6AB2A6DC7D
SHA1:	74C131B5FD80446FFDF2AFAD723762DD36621309
SHA-256:	F8C3A03F47F0B9B3C20F0522A2481DA28C77FECDBB302F8DD8FBED87758CBAEA
SHA-512:	47F34A9F416D223DCBF071E7292A05554AF3D27CDE67FC8C161C1BED564C6E7FC448C2F482E05F33149C782E09C681BD65730CA00CF9EC68B284128214B75529
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="mbapreq.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Height="96" FontId="1" Visible="yes" DisablePrefix="yes">#(loc.Title)</Text>.... <Page Name="Help">.. <Text X="11" Y="112" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.HelpHeader

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\mbapreq.wxl Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2464
Entropy (8bit):	5.076345322304751
Encrypted:	false
SSDEEP:	48:cxX7DxMT8dbCsK19Wqq8+JIDxN3Wm2WcN3miNlLPDHXsmkaYXfXQ2BmGA7b1fABP:8LuTY1xmmmTerNR0AT1O
MD5:	4D2C8D10C5DCCA6B938B71C8F02CA8A8
SHA1:	11577021465379E9D1FF4260E607149BA5DFA6B3
SHA-256:	C63DE5F309502F9272402587A6BE22624D1BC2FEACD1BD33FB11E44CD6614B96
SHA-512:	AE791C1F05821167F1D2E1D07DBF95FE7E72B35B3E4B1E22720006C7A672B1330B748414792392B0E806F111AA4EFC1C424F4479EBDE349E3F079792DBB3BF47
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">Microsoft .NET Framework required for [WixBundleName] setup</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/passive \| /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. By default a log file is created in %TEMP%.</String>.. <String Id="HelpClos

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\pl\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	40352
Entropy (8bit):	6.310354488283983
Encrypted:	false
SSDEEP:	768:mkPGCL2myUTHoA87E37dT02gul8owaSzK637oqowakgESD0bbeVDtAp9E+8iROg:mkP555T02g68o1wcqo1AquQ+8iAg
MD5:	FECBD2AF3B28B6BFD8E0F951DE617CF3
SHA1:	08905E709CC8936D52774418301B5EF33737E773
SHA-256:	5853A6EF29FD609F501E35D03E674F0448CDE46A079C2814F92BE4E3DDCE7FF2
SHA-512:	8E7967D72004A42B92C74CAD3AAE7E6A14FD982448285DDC0EC2CBF61037F7E80B6908FBC609C805E50803D550120CF6F09AB1A041C6B3FCBA6E9F752CDD6255
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....p..........^.... ........... ...............................R....@.....................................W....................x...%........................................................... ............... ..H............text...dn... ...p.................. ..`.rsrc................r..............@..@.reloc...............v..............@..B................@.......H...........X...........P ..Yj..........................................Uj.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\pt-BR\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	37280
Entropy (8bit):	6.145815174333101
Encrypted:	false
SSDEEP:	768:u3WKdhrdgMCc2HyiCeQDgefew10dNU7DbUgMfJ6gZjbeVD2p9E+8iRO4:u3VgFq0gayiQ+8iA4
MD5:	00630F6D925CA905343456825BB9F7C3
SHA1:	D1DC69D2E8CE513A0C4053A13F3E970640670853
SHA-256:	374B182B41FB62CE1CFF4F99B06CB7E402BE7758249ADD10CADC0E21BDC9E60C
SHA-512:	34380BA1C06DA88491FF89E6B6A597F47BE819978B9CF1326F5FB3F9D16CD8CDB6B3C29F1FDBEF6C1EA6EB465CC6E7EC909F6B5BA742E1FE08010A247BBA1FC1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....d.............. ........... ..............................Hn....@.....................................K....................l...%........................................................... ............... ..H............text....c... ...d.................. ..`.rsrc................f..............@..@.reloc...............j..............@..B........................H.......0...`...........P ..._..........................................._.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\ru\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	63904
Entropy (8bit):	5.39034467207354
Encrypted:	false
SSDEEP:	1536:Q69VHjqCcFekDExtBJsLZCUuA4+cDpf49bCfAHmFrExcLp+IpfFoTMvqPc33Q+8p:Q69VHjqCcFekoxtkZu/FA8fAHmFwxyjW
MD5:	5F4FF576D99D234ED748022E41AD86A1
SHA1:	7C3C33A1E5DABF1178CCC75F2EAD082F9578FE9C
SHA-256:	7C6FF924F38ECEFB8D4946855B569D61C145C8B7809E935089A18CF900B4F669
SHA-512:	566328543F4944761EAF83223700EDA0B958EFBA7B89E9213F8509BEAB228445502486E1CA87FE1D06569A7CC2F4F522C0E72D767380DE68AB2B41780EA61A20
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!................n.... ........... .......................@.......j....@................................. ...K........................%... ....................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................P.......H...........X...........P ..u...........................................q..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\th\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	68512
Entropy (8bit):	4.96373836759445
Encrypted:	false
SSDEEP:	1536:cfmOndidiE39wHV1+3sw95t43LdQ+8iAx:smOH11mZxYLCDx
MD5:	27E8AEE9C66C8B3940F27DE5F4ADCB04
SHA1:	2250D67F3FEB48DC054E981CA0AABD509031B6D0
SHA-256:	B69A30ABEC11B1DCDA489B533676B7401E12643276F5F331D54E3E186A5F7D23
SHA-512:	19FF3024A584653A57990E287E9A34463F63DE5CEEA517F8BB4DCB07E7326F373C81D53E87A7D47F2B7C55ED445836BD1E30A9203C7F3769ED4B385EF5BCF752
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!..................... ........... .......................@.......\|....@.................................P...K........................%... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........X...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\tr\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38816
Entropy (8bit):	6.280801304551641
Encrypted:	false
SSDEEP:	768:B7Gtq4XXYbKt7WimSjNolmKt7kvepbY7kq/XbeVDnMp9E+8iROa:B7GDiqWimw+lmqkvCbKOoQ+8iAa
MD5:	CAEFE10444EF2E702A5E6BDAEB1FFDC2
SHA1:	CD0BC746484E5ED24A29D9769F8C0B38D0C6F1B4
SHA-256:	5A9DDEBF290891DA45352B5D4328B1212C1F7E7812FCF89B656B860434F09D2A
SHA-512:	29B79B490EF6135A5F4EAF164590993C4FA1C1E494F7AA11EC6E33029A2530F227B182DD31353EB9F624055AFF8D2E24DA3B18E5647F0D74CD355E88E2F94EC4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....j............... ........... ....................................@.................................H...S....................r...%........................................................... ............... ..H............text....i... ...j.................. ..`.rsrc................l..............@..@.reloc...............p..............@..B........................H...........X...........P ...e...........................................e.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\vi\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	43936
Entropy (8bit):	6.370638365485673
Encrypted:	false
SSDEEP:	768:XfkrPatUhuHRPyagewmNX0sxTWDeC2lmHKyam4j+08YyObbbeVDjpp9E+8iROj:XfgaWhuHaewm9DMv2cHf4q5Y7qRQ+8iq
MD5:	9B01B273FD50CAE6C40DB985A4888CBB
SHA1:	2B721FD934AE295ADB13232B4DB53DD81A47DFE5
SHA-256:	BF74806443370E9BE2026E8A2D45BF420B98F6896E691A833DACCC6FBD17F840
SHA-512:	2B73E1A3E5FF5835CB4B17D0D10C222696E0188EDFC014A9EADC4B73CF819226BA71E3DB769AC1B865AE9585E9A16AB0EDF86ECC713589FA71729B64DC74CB81
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....~.............. ........... ...............................3....@.....................................K........................%........................................................... ............... ..H............text....}... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B........................H.......(...X...........P ...y...........................................y.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\zh-CN\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32672
Entropy (8bit):	6.910853627790309
Encrypted:	false
SSDEEP:	768:9cZb7f0iXxpRCKamnypO/MceFqmbeVDVFp9E+8iROL:9cRffXx1ybctb3Q+8iAL
MD5:	4877E86A1734F542A7D8CB9D40A584BA
SHA1:	C7CC6EDE71D17B9D953FFC69D759E0421249EA1C
SHA-256:	8B87FE546AF95FFA73FE512C973475E31826C74B49E37DDB9D6A30F7B610247F
SHA-512:	B2D8D09055006032C57B27F52C36EE8744DF1901ADBD80BEDD4B9D4B491AD7F6E9D93F6CF3B9015767CE10AE091A86EE2C6C18FD0EE01D56EC8666DB382A1C8E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....R...........p... ........... ....................................@..................................p..K....................Z...%........................................................... ............... ..H............text....P... ...R.................. ..`.rsrc................T..............@..@.reloc...............X..............@..B.................p......H....... m..`...........P ...L...........................................L.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9B11DAFB-A7F9-4DE4-BA7F-59B4A5174198}\.ba\zh-TW\BootstrapperCommonUI.Resources.dll Download File
Process:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	33184
Entropy (8bit):	6.934296312564666
Encrypted:	false
SSDEEP:	768:BzEQ8R47KwynxXCFuKCfKvu2oFPc8WJgl6tdse9pHc2ClkcbeVDlAp9E+8iROC:BzEQ8kKJnxXWuKCyYGglbOFJhCQ+8iAC
MD5:	CD994FC793CB0EBAE2A5756CC0261E8D
SHA1:	2FC580C96C054F8E9DA9AB6140384609C1A8DA8B
SHA-256:	DF020E0934BDCB62431ABA18CC755BC0E498DAFABEB1C149BBAD7BA7CD7BD987
SHA-512:	88308AA92BD8871B023D9A0AD93A99123F139FECA8A350EBFE25871FC29B71C6D00717598D2E5BE3065D3DE3BF912A6794AF15FA4464B7C03F30150AAD12EABC
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l`...........!.....T...........r... ........... ...............................,....@..................................r..K....................\...%........................................................... ............... ..H............text....R... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................r......H.......@o..`...........P ...N...........................................N.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP....._.........................8(.........r....$Y.{......m$S...&.n.......A..<...G.....2>.S........)..YL...c5..9.j.?.T.M...P,].Q$[.d.t.x.Kcz./\|\|.A@~z>......Z.......C...t...........q.......M...........K...=.......q...

C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe Download File
Process:	C:\Users\user\Desktop\IDSAUpdate.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1122416
Entropy (8bit):	7.657850501096463
Encrypted:	false
SSDEEP:	24576:aNsfiTdYSuVzZH9tH1v1Xcl/wbvc3WxtlLwAGXhU4BmODXHiXgl:CT2pZ15bvcGrl0LXhU4BnDXHiw
MD5:	CBC3B680FDE6C81DC31BD7663E482F27
SHA1:	1F89A8DA038DE3A519FD50AA7F5B1F1F5072283B
SHA-256:	7AF48A943DB175FB1A4131EA7F4D0C018AFF8961B1DF5D9154B14BBD8418813B
SHA-512:	BEF8F3745E1126EC75AC273EDD0C4EAD329D546EA3E239A9E5800694E00DC351DE9B28A6D079903B61D03EB103C3003D651884C556F2D29D8133C0895AC15CB4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9.o.}k..}k..}k.....wk......k.....ek../...nk../...ik../...Vk..t...xk..t...lk..}k..(j......6k......\|k..}k...k......\|k..Rich}k..........PE..L...2p.]............................q.............@.................................*AU...@.........................................................p.T..%.......=..0p..T....................p.......j..@...................4\|.......................text............................... ..`.rdata..`...........................@..@.data...............................@....wixburn8...........................@..@.rsrc...............................@..@.reloc...=.......>...D..............@..B........................................................................................................................................................................................................................................................

C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe Download File
Process:	C:\Users\user\Desktop\IDSAUpdate.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1122416
Entropy (8bit):	7.657850501096463
Encrypted:	false
SSDEEP:	24576:aNsfiTdYSuVzZH9tH1v1Xcl/wbvc3WxtlLwAGXhU4BmODXHiXgl:CT2pZ15bvcGrl0LXhU4BnDXHiw
MD5:	CBC3B680FDE6C81DC31BD7663E482F27
SHA1:	1F89A8DA038DE3A519FD50AA7F5B1F1F5072283B
SHA-256:	7AF48A943DB175FB1A4131EA7F4D0C018AFF8961B1DF5D9154B14BBD8418813B
SHA-512:	BEF8F3745E1126EC75AC273EDD0C4EAD329D546EA3E239A9E5800694E00DC351DE9B28A6D079903B61D03EB103C3003D651884C556F2D29D8133C0895AC15CB4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9.o.}k..}k..}k.....wk......k.....ek../...nk../...ik../...Vk..t...xk..t...lk..}k..(j......6k......\|k..}k...k......\|k..Rich}k..........PE..L...2p.]............................q.............@.................................*AU...@.........................................................p.T..%.......=..0p..T....................p.......j..@...................4\|.......................text............................... ..`.rdata..`...........................@..@.data...............................@....wixburn8...........................@..@.rsrc...............................@..@.reloc...=.......>...D..............@..B........................................................................................................................................................................................................................................................

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.976163327093384
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	IDSAUpdate.exe
File size:	5578512
MD5:	76a449c3ec9b08c759344aeaf6a9636d
SHA1:	eb6bb05041effc499d01935815888cf801763cf8
SHA256:	fa1ac84ae37b2c91bbffbfbd7a86d2bfa7371516ea8ed188d6446d48fda08be1
SHA512:	91e4bf840516397bf98f7fdb2aaf6c29a55721d8aba358974a5ccd4da51ef01e2cc5846dc46e217bcf4b1d253817d6d0ea11f6e3ebb09a1d427908213202046d
SSDEEP:	98304:CT0Bb1rlCXe45MSBO2q3fKFhXlXV2kHykaWBnhygxMHR/3xo22ICaO4d8NBm5lWE:CTqrlye4/qvK3FokS4nMHRP0ICwdE6lT
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9.o.}k..}k..}k......wk.......k......ek../...nk../...ik../...Vk..t...xk..t...lk..}k..(j......6k......\|k..}k...k......\|k..Rich}k.

File Icon


Icon Hash:	ecd29859f8b2dc64

Static PE Info

General
Entrypoint:	0x42df71
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
DLL Characteristics:	TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5D807032 [Tue Sep 17 05:33:38 2019 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	42d651751c1d75ed4fa8fe71751854ff

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=Intel External Issuing CA 7B, O=Intel Corporation, L=Santa Clara, S=CA, C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	12/11/2020 11:00:22 AM 6/17/2021 4:59:59 PM
Subject Chain	CN=IDSA Production signing key 2021, O=Intel Corporation, L=Santa Clara, S=CA, C=US
Version:	3
Thumbprint MD5:	2296B0B5B268935D90C5F9F76605B794
Thumbprint SHA-1:	9777FC2D6BA5019CFB4C94C5AAE4D3F7AF79794B
Thumbprint SHA-256:	32120641B70F6874D1DCEBE02CDA09C7285186AE8A77F9C2C769F9F669730D8F
Serial:	5600000CC252DBEFED75ECB7AA000000000CC2

Entrypoint Preview

Instruction
call 00007F52708222DFh
jmp 00007F5270821C1Fh
int3
int3
int3
int3
int3
mov eax, dword ptr [esp+08h]
mov ecx, dword ptr [esp+10h]
or ecx, eax
mov ecx, dword ptr [esp+0Ch]
jne 00007F5270821DABh
mov eax, dword ptr [esp+04h]
mul ecx
retn 0010h
push ebx
mul ecx
mov ebx, eax
mov eax, dword ptr [esp+08h]
mul dword ptr [esp+14h]
add ebx, eax
mov eax, dword ptr [esp+08h]
mul ecx
add edx, ebx
pop ebx
retn 0010h
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
cmp cl, 00000040h
jnc 00007F5270821DB7h
cmp cl, 00000020h
jnc 00007F5270821DA8h
shrd eax, edx, cl
shr edx, cl
ret
mov eax, edx
xor edx, edx
and cl, 0000001Fh
shr eax, cl
ret
xor eax, eax
xor edx, edx
ret
push ebp
mov ebp, esp
jmp 00007F5270821DAFh
push dword ptr [ebp+08h]
call 00007F5270828188h
pop ecx
test eax, eax
je 00007F5270821DB1h
push dword ptr [ebp+08h]
call 00007F5270828211h
pop ecx
test eax, eax
je 00007F5270821D88h
pop ebp
ret
cmp dword ptr [ebp+08h], FFFFFFFFh
je 00007F52708226A4h
jmp 00007F5270822681h
push ebp
mov ebp, esp
push dword ptr [ebp+08h]
call 00007F52708226BDh
pop ecx
pop ebp
ret
push ebp
mov ebp, esp
test byte ptr [ebp+08h], 00000001h
push esi
mov esi, ecx
mov dword ptr [esi], 0046030Ch
je 00007F5270821DACh
push 0000000Ch
push esi
call 00007F5270821D7Dh
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x680b4	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6d000	0xab0c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x54f970	0x25a0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x78000	0x3dd0	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x67030	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x67084	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x66a10	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x4a000	0x3e0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x67c34	0x100	.rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x48ff7	0x49000	False	0.536788313356	data	6.57205957579	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x4a000	0x1f760	0x1f800	False	0.309632316468	data	5.13752471272	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x6a000	0x16fc	0xa00	False	0.27265625	data	3.155161303	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.wixburn	0x6c000	0x38	0x200	False	0.130859375	data	0.73125535346	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x6d000	0xab0c	0xac00	False	0.496025617733	data	6.2712034436	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x78000	0x3dd0	0x3e00	False	0.806955645161	data	6.78827071727	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x6d238	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x6d6a0	0x988	data	English	United States
RT_ICON	0x6e028	0x10a8	dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0	English	United States
RT_ICON	0x6f0d0	0x25a8	dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0	English	United States
RT_ICON	0x71678	0x33aa	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States
RT_MESSAGETABLE	0x74a24	0x2840	data	English	United States
RT_GROUP_ICON	0x77264	0x4c	data	English	United States
RT_VERSION	0x772b0	0x388	data	English	United States
RT_MANIFEST	0x77638	0x4d2	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	English	United States

Imports

DLL	Import
ADVAPI32.dll	RegCloseKey, RegOpenKeyExW, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, InitiateSystemShutdownExW, GetUserNameW, RegQueryValueExW, RegDeleteValueW, CloseEventLog, OpenEventLogW, ReportEventW, ConvertStringSecurityDescriptorToSecurityDescriptorW, DecryptFileW, CreateWellKnownSid, InitializeAcl, SetEntriesInAclW, ChangeServiceConfigW, CloseServiceHandle, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, SetNamedSecurityInfoW, CheckTokenMembership, AllocateAndInitializeSid, SetEntriesInAclA, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW, RegEnumKeyExW, RegDeleteKeyW, RegCreateKeyExW, GetTokenInformation, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextW, QueryServiceConfigW
USER32.dll	PeekMessageW, PostMessageW, IsWindow, WaitForInputIdle, PostQuitMessage, GetMessageW, TranslateMessage, MsgWaitForMultipleObjects, PostThreadMessageW, GetMonitorInfoW, MonitorFromPoint, IsDialogMessageW, LoadCursorW, LoadBitmapW, SetWindowLongW, GetWindowLongW, GetCursorPos, MessageBoxW, CreateWindowExW, UnregisterClassW, RegisterClassW, DefWindowProcW, DispatchMessageW
OLEAUT32.dll	VariantInit, SysAllocString, VariantClear, SysFreeString
GDI32.dll	DeleteDC, DeleteObject, SelectObject, StretchBlt, GetObjectW, CreateCompatibleDC
SHELL32.dll	CommandLineToArgvW, SHGetFolderPathW, ShellExecuteExW
ole32.dll	CoUninitialize, CoInitializeEx, CoInitialize, StringFromGUID2, CoCreateInstance, CoTaskMemFree, CLSIDFromProgID, CoInitializeSecurity
KERNEL32.dll	GetCPInfo, GetOEMCP, IsValidCodePage, CloseHandle, CreateFileW, GetProcAddress, LocalFree, HeapSetInformation, GetLastError, GetModuleHandleW, FormatMessageW, lstrlenA, lstrlenW, MultiByteToWideChar, WideCharToMultiByte, LCMapStringW, Sleep, GetLocalTime, GetModuleFileNameW, ExpandEnvironmentStringsW, GetTempPathW, GetTempFileNameW, CreateDirectoryW, GetFullPathNameW, CompareStringW, GetCurrentProcessId, WriteFile, SetFilePointer, LoadLibraryW, GetSystemDirectoryW, CreateFileA, HeapAlloc, HeapReAlloc, HeapFree, HeapSize, GetProcessHeap, FindClose, GetCommandLineA, GetCurrentDirectoryW, RemoveDirectoryW, SetFileAttributesW, GetFileAttributesW, DeleteFileW, FindFirstFileW, FindNextFileW, MoveFileExW, GetCurrentProcess, GetCurrentThreadId, InitializeCriticalSection, DeleteCriticalSection, ReleaseMutex, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, CreateProcessW, GetVersionExW, VerSetConditionMask, FreeLibrary, EnterCriticalSection, LeaveCriticalSection, GetSystemTime, GetNativeSystemInfo, GetModuleHandleExW, GetWindowsDirectoryW, GetSystemWow64DirectoryW, GetCommandLineW, VerifyVersionInfoW, GetVolumePathNameW, GetDateFormatW, GetUserDefaultUILanguage, GetSystemDefaultLangID, GetUserDefaultLangID, GetStringTypeW, ReadFile, SetFilePointerEx, DuplicateHandle, InterlockedExchange, InterlockedCompareExchange, LoadLibraryExW, CreateEventW, ProcessIdToSessionId, OpenProcess, GetProcessId, WaitForSingleObject, ConnectNamedPipe, SetNamedPipeHandleState, CreateNamedPipeW, CreateThread, GetExitCodeThread, SetEvent, WaitForMultipleObjects, InterlockedIncrement, InterlockedDecrement, ResetEvent, SetEndOfFile, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, CompareStringA, GetExitCodeProcess, SetThreadExecutionState, CopyFileExW, MapViewOfFile, UnmapViewOfFile, CreateMutexW, CreateFileMappingW, GetThreadLocale, FindFirstFileExW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, DecodePointer, WriteConsoleW, GetModuleHandleA, GlobalAlloc, GlobalFree, GetFileSizeEx, CopyFileW, VirtualAlloc, VirtualFree, SystemTimeToTzSpecificLocalTime, GetTimeZoneInformation, SystemTimeToFileTime, GetSystemInfo, VirtualProtect, VirtualQuery, GetComputerNameW, SetCurrentDirectoryW, GetFileType, GetACP, ExitProcess, GetStdHandle, InitializeCriticalSectionAndSpinCount, SetLastError, RtlUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RaiseException, LoadLibraryExA
RPCRT4.dll	UuidCreate

Version Infos

Description	Data
LegalCopyright	Copyright Intel Corporation. All rights reserved.
InternalName	setup
FileVersion	21.2.13.9
CompanyName	Intel
ProductName	Intel Driver & Support Assistant
ProductVersion	21.2.13.9
FileDescription	Intel Driver & Support Assistant
OriginalFilename	Intel-Driver-and-Support-Assistant-Installer.exe
Translation	0x0409 0x04e4

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

• IDSAUpdate.exe
• IDSAUpdate.exe
• IDSAUpdate.exe
• IDSAUpdate.exe
• IDSAUpdate.exe
• IDSAUpdate.exe

Click to jump to process

Memory Usage

• IDSAUpdate.exe
• IDSAUpdate.exe
• IDSAUpdate.exe
• IDSAUpdate.exe
• IDSAUpdate.exe
• IDSAUpdate.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Behavior

• IDSAUpdate.exe
• IDSAUpdate.exe
• IDSAUpdate.exe
• IDSAUpdate.exe
• IDSAUpdate.exe
• IDSAUpdate.exe

Click to jump to process

System Behavior

Analysis Process: IDSAUpdate.exe PID: 5468 Parent PID: 5876

Function Logs

General

Start time:	10:18:46
Start date:	09/04/2021
Path:	C:\Users\user\Desktop\IDSAUpdate.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\IDSAUpdate.exe' -install
Imagebase:	0x13c0000
File size:	5578512 bytes
MD5 hash:	76A449C3EC9B08C759344AEAF6A9636D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

File Opened

File Created

File Written

File Read

Other File Operations

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

Key Opened

Show Windows behavior

Mutex Activities

Show Windows behavior

Process Activities

Process Created

Show Windows behavior

Thread Activities

Thread Created

Show Windows behavior

Memory Activities

Memory Allocated

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: IDSAUpdate.exe PID: 6192 Parent PID: 5468

Function Logs

General

Start time:	10:18:47
Start date:	09/04/2021
Path:	C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\Temp\{9EB16BEE-0348-434D-BDA2-74CBA87EBD30}\.cr\IDSAUpdate.exe' -burn.clean.room='C:\Users\user\Desktop\IDSAUpdate.exe' -burn.filehandle.attached=496 -burn.filehandle.self=592 -install
Imagebase:	0x13e0000
File size:	1122392 bytes
MD5 hash:	F0268BD453B92DEA654860BF12352354
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	low

Show Windows behavior

File Activities

File Opened

File Created

File Written

File Read

File Attributes Queried

Other File Operations

Device IO

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

Key Opened

Key Value Queried

Key Monitored

Key Value Enumerated

Key Enumerated

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Queried

Process Information Set

Show Windows behavior

Thread Activities

Thread Created

Thread Execution Resumed

Thread Information Set

Show Windows behavior

Memory Activities

Memory Allocated

Memory Protection Changed

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

System Information Queried

Show Windows behavior

Timing Activities

User Timer set

Show Windows behavior

Windows UI Activities

Window Created

Window UI Enumerated

Message Posted to Windows UI

Message Posted to Windows UI Thread

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: IDSAUpdate.exe PID: 6300 Parent PID: 5876

Function Logs

General

Start time:	10:18:50
Start date:	09/04/2021
Path:	C:\Users\user\Desktop\IDSAUpdate.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\IDSAUpdate.exe' /install
Imagebase:	0x13c0000
File size:	5578512 bytes
MD5 hash:	76A449C3EC9B08C759344AEAF6A9636D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

File Opened

File Created

File Written

File Read

Other File Operations

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

Key Opened

Show Windows behavior

Mutex Activities

Show Windows behavior

Process Activities

Process Created

Show Windows behavior

Thread Activities

Thread Created

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: IDSAUpdate.exe PID: 6364 Parent PID: 6300

Function Logs

General

Start time:	10:18:51
Start date:	09/04/2021
Path:	C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\Temp\{A580C6BD-2FCE-47BA-B85C-38BB542760C8}\.cr\IDSAUpdate.exe' -burn.clean.room='C:\Users\user\Desktop\IDSAUpdate.exe' -burn.filehandle.attached=564 -burn.filehandle.self=596 /install
Imagebase:	0xad0000
File size:	1122392 bytes
MD5 hash:	F0268BD453B92DEA654860BF12352354
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	low

Show Windows behavior

File Activities

File Opened

File Created

File Written

File Read

File Attributes Queried

Other File Operations

Device IO

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

Key Opened

Key Value Queried

Key Monitored

Key Value Enumerated

Key Enumerated

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Queried

Process Information Set

Show Windows behavior

Thread Activities

Thread Created

Thread Execution Resumed

Thread Information Set

Show Windows behavior

Memory Activities

Memory Allocated

Memory Protection Changed

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

System Information Queried

Show Windows behavior

Timing Activities

User Timer set

Show Windows behavior

Windows UI Activities

Window Created

Window UI Enumerated

Message Posted to Windows UI

Message Posted to Windows UI Thread

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: IDSAUpdate.exe PID: 6472 Parent PID: 5876

Function Logs

General

Start time:	10:18:53
Start date:	09/04/2021
Path:	C:\Users\user\Desktop\IDSAUpdate.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\IDSAUpdate.exe' /load
Imagebase:	0x13c0000
File size:	5578512 bytes
MD5 hash:	76A449C3EC9B08C759344AEAF6A9636D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

File Opened

File Created

File Written

File Read

Other File Operations

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

Key Opened

Show Windows behavior

Mutex Activities

Show Windows behavior

Process Activities

Process Created

Show Windows behavior

Thread Activities

Thread Created

Show Windows behavior

Memory Activities

Memory Allocated

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: IDSAUpdate.exe PID: 6500 Parent PID: 6472

Function Logs

General

Start time:	10:18:54
Start date:	09/04/2021
Path:	C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\Temp\{74B5E206-1FFE-415F-AAC7-A202EAA1F791}\.cr\IDSAUpdate.exe' -burn.clean.room='C:\Users\user\Desktop\IDSAUpdate.exe' -burn.filehandle.attached=564 -burn.filehandle.self=584 /load
Imagebase:	0xa50000
File size:	1122392 bytes
MD5 hash:	F0268BD453B92DEA654860BF12352354
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	low

Show Windows behavior

File Activities

File Opened

File Created

File Written

File Read

File Attributes Queried

Other File Operations

Device IO

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

Key Opened

Key Value Queried

Key Monitored

Key Value Enumerated

Key Enumerated

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Queried

Process Information Set

Show Windows behavior

Thread Activities

Thread Created

Thread Execution Resumed

Thread Information Set

Show Windows behavior

Memory Activities

Memory Allocated

Memory Protection Changed

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

System Information Queried

Show Windows behavior

Timing Activities

User Timer set

Show Windows behavior

Windows UI Activities

Window Created

Window UI Enumerated

Message Posted to Windows UI

Message Posted to Windows UI Thread

Show Windows behavior

LPC Port Activities

Chronological Activities

Disassembly

Code Analysis

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report IDSAUpdate.exe

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Compliance:

Networking:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: IDSAUpdate.exe PID: 5468 Parent PID: 5876

General

File Activities

File Opened