Windows Analysis Report
at.zip

Overview

General Information

Sample name: at.zip
Analysis ID: 1538487
MD5: 6dd87a1d9baaf21fa3442e6680e0e447
SHA1: 52bde540e5ae24f09118318242fcc0c3f2ef51e5
SHA256: 54cc640764057626ed48c0c5a6067325c65a8793b50f2e8ec55b2343d7ba5c45

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Changes security center settings (notifications, updates, antivirus, firewall)
Loading BitLocker PowerShell Module
Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)
Query firmware table information (likely to detect VMs)
Tries to delay execution (extensive OutputDebugStringW loop)
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Too many similar processes found

Classification

Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\readme.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\App.Core.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Configuration.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Configuration.RemoteStorage.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\FrameworkCore.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\GUI.Core.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Interop.COMAdmin.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Interop.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Logger.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Scheduler.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Serialize.Linq.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Configuration.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.ContinualService.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Core.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Notifications.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.ServiceModel.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Storage.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\System.Reactive.Core.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\System.Reactive.Interfaces.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Update.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\UpdateClient.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\UserSettings.Configuration.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Verification.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\WindowsManagement.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\dcu-cli.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\log4net.dll
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5669AB71-1302-4412-8DA1-CB69CD7B7324}
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\readme.txt
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\ThirdPartyLicenses.txt
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File opened: C:\Windows\TEMP\inv5098_tmp\msvcr100.dll
Source: Binary string: C:\CodeBases\isdev\Redist\Language Independent\i386\ISSetup.pdb source: 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi
Source: Binary string: DismCorePS.pdb source: DismHost.exe, 00000036.00000002.1728781104.00007FFF23044000.00000002.00000001.01000000.0000000C.sdmp, DismCorePS.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb8(R( D(_CorDllMainmscoree.dll source: ServiceShell.ContinualService.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Custom.Loader\obj\Release\Update.Custom.Loader.pdb source: ServiceShell.exe, 00000032.00000002.1782091857.0000028ED0522000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Principal\obj\Release\Update.Principal.pdb source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Configuration\Configuration.Classic\obj\Release\Configuration.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1756041385.0000028EB72C2000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1776868100.0000028ED01E2000.00000002.00000001.01000000.00000023.sdmp, Storage.Classic.dll1.12.dr
Source: Binary string: DISMProv.pdb source: DismHost.exe, 00000036.00000002.1728438193.00007FFF2301D000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdb source: Storage.Classic.dll.12.dr
Source: Binary string: C:\Projects\Crossword\prasanna_mishra_jigsaw_1.0\jigsaw\jigsaw_src\StaticIC\StaticIC\Release\StaticIC.pdb source: StaticIC.exe.62.dr
Source: Binary string: c:\prod_jenkins\workspace\Platinum-SDK-V1\dotnet\proj\Dell.Pla.P1.Common\obj\Release\Dell.Pla.P1.Common.pdbH_b_ T__CorDllMainmscoree.dll source: Dell.Pla.P1.Common.dll.12.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.Core\bin\Release\net45\System.Reactive.Core.pdb source: ServiceShell.exe, 00000032.00000002.1776516728.0000028ED01B2000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Transfer\Transfer\obj\Release\Transfer.pdbL source: ServiceShell.exe, 00000039.00000002.2539522546.000002AF6C762000.00000002.00000001.01000000.00000046.sdmp
Source: Binary string: dismhost.pdbGCTL source: DismHost.exe, 00000036.00000000.1652308247.00007FF7E884B000.00000002.00000001.01000000.0000000B.sdmp, DismHost.exe.53.dr
Source: Binary string: dismhost.pdb source: DismHost.exe, 00000036.00000000.1652308247.00007FF7E884B000.00000002.00000001.01000000.0000000B.sdmp, DismHost.exe.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\WindowsManagement.Principal\obj\Release\WindowsManagement.Principal.pdb source: ServiceShell.exe, 00000032.00000002.1777701885.0000028ED033A000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2514158477.000002AF6BCE2000.00000002.00000001.01000000.00000040.sdmp, WindowsManagement.Principal.dll.12.dr
Source: Binary string: AppxProvider.pdbGCTL source: DismHost.exe, 00000036.00000002.1727165204.00007FFF22F04000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\UpdateScheduler.Principal\obj\Release\UpdateScheduler.Principal.pdb source: ServiceShell.exe, 00000039.00000002.2516704711.000002AF6BF42000.00000002.00000001.01000000.00000043.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdbL-f- X-_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1776868100.0000028ED01E2000.00000002.00000001.01000000.00000023.sdmp, Storage.Classic.dll1.12.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.PlatformServices\bin\Release\net45\System.Reactive.PlatformServices.pdbxp source: System.Reactive.PlatformServices.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Core.Classic\obj\Release\ServiceShell.Core.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757240624.0000028EB7802000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: OfflineSetupProvider.pdbGCTL source: OfflineSetupProvider.dll.53.dr
Source: Binary string: vcruntime140.amd64.pdbGCTL source: InvColPC.exe, 0000003E.00000002.2337266370.0000000000EE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\asimov\Source\ServiceShell.Configuration\obj\Release\ServiceShell.Configuration.pdb source: ServiceShell.Configuration.dll.12.dr
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\crossword_ie\crossword_driverapp\DriverIE_src\winnt\nt32\Release\DRVUpdate.pdb source: DRVUpdate.exe1.62.dr, DRVUpdate.exe0.62.dr
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb\L source: ServiceShell.exe, 00000032.00000002.1774144820.0000028ED0022000.00000002.00000001.01000000.00000020.sdmp, log4net.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Proxy\obj\Release\ServiceShell.Proxy.pdb source: ServiceShell.exe, 00000032.00000002.1786172642.0000028ED0CF2000.00000002.00000001.01000000.0000002B.sdmp, ServiceShell.Proxy.dll.12.dr
Source: Binary string: DpInst.pdbH source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\crossword_ie\crossword_driverapp\DriverIE_src\winnt\nt32\Release\PNPUpdate.pdb source: PNPUpdate.exe.62.dr
Source: Binary string: c:\jenkins\jobs\DCU2.1\workspace\DCU\Source\Tools\Internal\DemoDpinst\obj\Release\dpinst.pdb source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: c:\CodeBases\isdev\Src\Runtime\MSI\CustomActions\ClrPSHelper\obj\x64\Release\ClrPSHelper.pdb source: 532a59.rbs.12.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Configuration\Configuration.RemoteStorage.Classic\obj\Release\Configuration.RemoteStorage.Classic.pdb source: ServiceShell.exe, 00000039.00000002.2513379047.000002AF6BC02000.00000002.00000001.01000000.0000003F.sdmp, Configuration.RemoteStorage.Classic.dll0.12.dr
Source: Binary string: bacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell\obj\Release\ServiceShell.pdb source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED0786000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: DmiProvider.pdb source: DmiProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ServiceModel.Classic\obj\Release\ServiceShell.ServiceModel.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757565087.0000028EB7852000.00000002.00000001.01000000.0000001A.sdmp, ServiceShell.ServiceModel.Classic.dll0.12.dr
Source: Binary string: DISMProv.pdbGCTL source: DismHost.exe, 00000036.00000002.1728438193.00007FFF2301D000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\ServiceShell.Logger\obj\Release\ServiceShell.Logger.pdb source: ServiceShell.exe, 00000032.00000002.1756309426.0000028EB72F2000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: ImagingProvider.pdb source: ImagingProvider.dll.53.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.PlatformServices\bin\Release\net45\System.Reactive.PlatformServices.pdb source: System.Reactive.PlatformServices.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Transfer\SharpBITS.Base\obj\Release\SharpBITS.Base.pdb source: ServiceShell.exe, 00000039.00000002.2539864659.000002AF6C772000.00000002.00000001.01000000.00000047.sdmp, SharpBITS.Base.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\UserSettings.Configuration.Classic\obj\Release\UserSettings.Configuration.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1756184608.0000028EB72E2000.00000002.00000001.01000000.00000015.sdmp, UserSettings.Configuration.Classic.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Custom\obj\Release\Update.Custom.pdb source: ServiceShell.exe, 00000032.00000002.1781970252.0000028ED0512000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\Thunderbolt_FW_Reg\Release\ThunderboltRegModule.pdb source: ThunderboltRegModule.exe.62.dr
Source: Binary string: FfuProvider.pdb source: FfuProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\UpdateClient\UpdateClient.Classic\obj\Release\UpdateClient.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1786266374.0000028ED0D02000.00000002.00000001.01000000.0000002C.sdmp, UpdateClient.Classic.dll.12.dr
Source: Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\ISBEW64\x64\Release\ISBEW64.pdb source: ISBEW64.exe, 0000000E.00000000.1373616080.00007FF61EDC7000.00000002.00000001.01000000.00000006.sdmp, ISBEW64.exe, 00000018.00000000.1383569184.00007FF629957000.00000002.00000001.01000000.00000007.sdmp, ISBEW64.exe, 00000025.00000000.1499833281.00007FF7C0077000.00000002.00000001.01000000.00000008.sdmp, ISBEW64.exe0.13.dr
Source: Binary string: DpInst.pdb source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell\obj\Release\ServiceShell.pdb source: ServiceShell.exe, 00000032.00000000.1528658920.0000028EB6E92000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\WindowsManagement.Classic\obj\Release\WindowsManagement.Classic.pdbT source: ServiceShell.exe, 00000039.00000002.2514903207.000002AF6BD12000.00000002.00000001.01000000.00000041.sdmp, WindowsManagement.Classic.dll0.12.dr
Source: Binary string: LogProvider.pdb source: DismHost.exe, 00000036.00000002.1727727691.00007FFF22FAB000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Execution\Execution\obj\Release\Execution.pdbt; source: ServiceShell.exe, 00000039.00000002.2540143577.000002AF6C782000.00000002.00000001.01000000.00000048.sdmp
Source: Binary string: ImagingProvider.pdbGCTL source: ImagingProvider.dll.53.dr
Source: Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\_IsRes2k\0009-English\Debug\_isres_0x0409.pdb source: _isres_0x0409.dll0.13.dr
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb source: ServiceShell.exe, 00000032.00000002.1774144820.0000028ED0022000.00000002.00000001.01000000.00000020.sdmp, log4net.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\UpdateClient\UpdateClient.Classic\obj\Release\UpdateClient.Classic.pdbhd source: ServiceShell.exe, 00000032.00000002.1786266374.0000028ED0D02000.00000002.00000001.01000000.0000002C.sdmp, UpdateClient.Classic.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\ServiceShell.Configuration\obj\Release\ServiceShell.Configuration.pdb source: ServiceShell.exe, 00000032.00000002.1755937437.0000028EB72B2000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: LogProvider.pdbGCTL source: DismHost.exe, 00000036.00000002.1727727691.00007FFF22FAB000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb8(R( D(_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1758584715.0000028EB7932000.00000002.00000001.01000000.0000001E.sdmp, ServiceShell.ContinualService.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Loader\obj\Release\ServiceShell.Loader.pdb source: ServiceShell.exe, 00000032.00000002.1757667211.0000028EB7872000.00000002.00000001.01000000.0000001B.sdmp, ServiceShell.Loader.dll.12.dr
Source: Binary string: C:\DSIA\crossword\crossword_ie\crossword_driverapp\DriverIE_src\winnt\nt32\Release\SCSIUpdate.pdb source: SCSIUpdate.exe.62.dr
Source: Binary string: AppxProvider.pdb source: DismHost.exe, 00000036.00000002.1727165204.00007FFF22F04000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb@! source: ServiceShell.exe, 00000032.00000002.1776975385.0000028ED01F2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\net45\Newtonsoft.Json.pdb source: Newtonsoft.Json.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Transfer\Transfer\obj\Release\Transfer.pdb source: ServiceShell.exe, 00000039.00000002.2539522546.000002AF6C762000.00000002.00000001.01000000.00000046.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb@! source: Update.Classic.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Storage.Principal\obj\Release\Storage.Principal.pdb source: ServiceShell.exe, 00000039.00000002.2515948801.000002AF6BE02000.00000002.00000001.01000000.00000042.sdmp
Source: Binary string: DmiProvider.pdbGCTL source: DmiProvider.dll.53.dr
Source: Binary string: msvcr100.i386.pdb source: invcol.exe, 00000041.00000002.2282658956.0000000073CE1000.00000020.00000001.01000000.00000031.sdmp
Source: Binary string: msvcp100.i386.pdb source: invcol.exe, 00000041.00000002.2281502645.000000006CD61000.00000020.00000001.01000000.00000033.sdmp, invcol.exe, 00000045.00000002.2328667240.000000006CC31000.00000020.00000001.01000000.0000003C.sdmp, msvcp100.dll.61.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\FrameworkCore\FrameworkCore.Classic\obj\Release\FrameworkCore.Classic.pdb\O source: ServiceShell.exe, 00000032.00000002.1757884351.0000028EB7892000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: OfflineSetupProvider.pdb source: OfflineSetupProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Logger\Logger.Classic\obj\Release\Logger.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1756981070.0000028EB7432000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ServiceModel.Classic\obj\Release\ServiceShell.ServiceModel.Classic.pdb8,R, D,_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1757565087.0000028EB7852000.00000002.00000001.01000000.0000001A.sdmp, ServiceShell.ServiceModel.Classic.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Telemetry\UpdateTelemetry.Proxy\obj\Release\UpdateTelemetry.Proxy.pdb source: ServiceShell.exe, 00000039.00000002.2517599079.000002AF6BFB2000.00000002.00000001.01000000.00000044.sdmp, UpdateTelemetry.Proxy.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Verification\Verification\obj\Release\Verification.pdb source: ServiceShell.exe, 00000032.00000002.1757767388.0000028EB7882000.00000002.00000001.01000000.0000001C.sdmp, Verification.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1776975385.0000028ED01F2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\WindowsManagement.Classic\obj\Release\WindowsManagement.Classic.pdb source: ServiceShell.exe, 00000039.00000002.2514903207.000002AF6BD12000.00000002.00000001.01000000.00000041.sdmp, WindowsManagement.Classic.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb source: ServiceShell.ContinualService.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdbL-f- X-_CorDllMainmscoree.dll source: Storage.Classic.dll.12.dr
Source: Binary string: c:\Dev\Esskar\Serialize.Linq\src\Serialize.Linq.Net45\obj\Release\Serialize.Linq.pdb source: ServiceShell.exe, 00000032.00000002.1777354098.0000028ED02C2000.00000002.00000001.01000000.00000026.sdmp, Serialize.Linq.dll0.12.dr
Source: Binary string: OSProvider.pdbGCTL source: DismHost.exe, 00000036.00000002.1728033479.00007FFF22FD6000.00000002.00000001.01000000.0000000E.sdmp, OSProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Execution\Execution\obj\Release\Execution.pdb source: ServiceShell.exe, 00000039.00000002.2540143577.000002AF6C782000.00000002.00000001.01000000.00000048.sdmp
Source: Binary string: vcruntime140.amd64.pdb source: InvColPC.exe, 0000003E.00000002.2337266370.0000000000EE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: FfuProvider.pdbGCTL source: FfuProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Scheduler\Scheduler\obj\Release\Scheduler.pdb source: ServiceShell.exe, 00000032.00000002.1785810546.0000028ED0C82000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb source: ServiceShell.exe, 00000032.00000002.1758584715.0000028EB7932000.00000002.00000001.01000000.0000001E.sdmp, ServiceShell.ContinualService.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Telemetry\UpdateTelemetry.Principal\obj\Release\UpdateTelemetry.Principal.pdb source: ServiceShell.exe, 00000032.00000002.1785970883.0000028ED0CE2000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Verification\Verification\obj\Release\Verification.pdbhK source: ServiceShell.exe, 00000032.00000002.1757767388.0000028EB7882000.00000002.00000001.01000000.0000001C.sdmp, Verification.dll.12.dr
Source: Binary string: DismCorePS.pdbGCTL source: DismHost.exe, 00000036.00000002.1728781104.00007FFF23044000.00000002.00000001.01000000.0000000C.sdmp, DismCorePS.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Interop\Interop.Classic\obj\Release\Interop.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757450729.0000028EB7832000.00000002.00000001.01000000.00000019.sdmp, Interop.Classic.dll0.12.dr
Source: Binary string: OSProvider.pdb source: DismHost.exe, 00000036.00000002.1728033479.00007FFF22FD6000.00000002.00000001.01000000.0000000E.sdmp, OSProvider.dll.53.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.Interfaces\bin\Release\net45\System.Reactive.Interfaces.pdb@4Z4 L4_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1777199207.0000028ED0292000.00000002.00000001.01000000.00000025.sdmp, System.Reactive.Interfaces.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\FrameworkCore\FrameworkCore.Classic\obj\Release\FrameworkCore.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757884351.0000028EB7892000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: DpInst.pdbp source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\ServiceShell.Logger\obj\Release\ServiceShell.Logger.pdbh> source: ServiceShell.exe, 00000032.00000002.1756309426.0000028EB72F2000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Notifications\obj\Release\ServiceShell.Notifications.pdb source: ServiceShell.exe, 00000032.00000002.1776740754.0000028ED01D2000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\Thunderbolt_FW_Reg\Release\ThunderboltRegModule.pdb( source: ThunderboltRegModule.exe.62.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Proxy\obj\Release\ServiceShell.Proxy.pdbD7^7 P7_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1786172642.0000028ED0CF2000.00000002.00000001.01000000.0000002B.sdmp, ServiceShell.Proxy.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb source: Update.Classic.dll0.12.dr
Source: Binary string: c:\prod_jenkins\workspace\Platinum-SDK-V1\dotnet\proj\Dell.Pla.P1.Common\obj\Release\Dell.Pla.P1.Common.pdb source: Dell.Pla.P1.Common.dll.12.dr
Source: Binary string: .pdbH source: ServiceShell.exe, 00000032.00000002.1783248118.0000028ED066D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.Interfaces\bin\Release\net45\System.Reactive.Interfaces.pdb source: ServiceShell.exe, 00000032.00000002.1777199207.0000028ED0292000.00000002.00000001.01000000.00000025.sdmp, System.Reactive.Interfaces.dll0.12.dr
Source: Binary string: indoC:\Windows\Scheduler.pdb source: ServiceShell.exe, 00000039.00000002.2453945924.000000C80B770000.00000004.00000010.00020000.00000000.sdmp
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\svchost.exe File opened: d:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\System32\dllhost.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: dellupdater.dell.com
Source: global traffic DNS traffic detected: DNS query: downloads.dell.com
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C47A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQYZiPAAGkmN%2BgbjpL0XWVofDLNAQUKgpvMiwpICF2ar
Source: ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRRKiO2Poi0XFwdRr1PZXruPzTMZAQU75%2B6ebBz8iUeeJ
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C47A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C411000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRzOQUpInJktokRKeuwxSyxHXa9owQUw8Jx0nvXaAWuOzmb
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C411000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C411000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C12E000.00000004.00000020.00020000.00000000.sdmp, InvColPC.exe, 0000003D.00000002.2286382085.00000000010F0000.00000004.00000020.00020000.00000000.sdmp, InvColPC.exe, 0000003E.00000002.2336985250.0000000000ED0000.00000004.00000020.00020000.00000000.sdmp, InvColPC.exe, 00000042.00000002.2337144714.00000000010A4000.00000004.00000020.00020000.00000000.sdmp, icsvc32.dll.62.dr, ServiceShell.Configuration.dll.12.dr, invcol.exe.66.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.dr, ServiceShell.Loader.dll.12.dr, ServiceShell.ContinualService.dll.12.dr String found in binary or memory: http://ocsp.entrust.net00
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C02B000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4A6000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, BITEE8F.tmp.2.dr String found in binary or memory: http://ocsp.entrust.net01
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED0786000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4D3000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.Configuration.dll.12.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.dr, ServiceShell.Loader.dll.12.dr, ServiceShell.ContinualService.dll.12.dr, Storage.Classic.dll.12.dr String found in binary or memory: http://ocsp.entrust.net02
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1783248118.0000028ED066D000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1774767894.0000028ED00E8000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C47A000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C584000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4D3000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.Configuration.dll.12.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.dr String found in binary or memory: http://ocsp.entrust.net03
Source: ServiceShell.exe, 00000032.00000002.1780859478.0000028ED046C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C3B4000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmp, icsvc32.dll.62.dr, ServiceShell.Configuration.dll.12.dr, invcol.exe.66.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.dr, ServiceShell.Loader.dll.12.dr, ServiceShell.ContinualService.dll.12.dr, ThunderboltRegModule.exe.62.dr, Storage.Classic.dll.12.dr, PNPUpdate.exe.62.dr, osinv.exe.62.dr, WindowsManagement.Classic.dll0.12.dr, UpdateTelemetry.Proxy.dll.12.dr String found in binary or memory: http://ocsp.entrust.net05
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net1.3.6.1.5.5.7.48.2http://aia.entrust.net/ts1-chain256.cerLF
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net3
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net8
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.netD
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.netJhZH
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.neta
Source: ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/2048ca.crl
Source: ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/2048ca.crlu
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/evcs1.crl
Source: ServiceShell.exe, 00000032.00000002.1783248118.0000028ED06E0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/g2ca.crl9
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/ts1ca.crl
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.neti
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.nett
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.netxhHH
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entr~
Source: ServiceShell.exe, 00000032.00000002.1781240151.0000028ED0483000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.suscerte.gob.ve0
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi String found in binary or memory: http://ocsp.thawte.com0
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.dr String found in binary or memory: http://reactivex.io/0
Source: invcol.exe, 00000041.00000002.2280683509.0000000010094000.00000002.00000001.01000000.00000030.sdmp, icsvc32.dll.62.dr, ThunderboltRegModule.exe.62.dr String found in binary or memory: http://relaxng.org/ns/structure/1.0
Source: SCSIUpdate.exe.62.dr, icsvc32.dll.62.dr, invcol.exe.66.dr, ThunderboltRegModule.exe.62.dr, PNPUpdate.exe.62.dr, osinv.exe.62.dr, StaticIC.exe.62.dr, DRVUpdate.exe1.62.dr, DRVUpdate.exe0.62.dr String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: SCSIUpdate.exe.62.dr, icsvc32.dll.62.dr, invcol.exe.66.dr, ThunderboltRegModule.exe.62.dr, PNPUpdate.exe.62.dr, osinv.exe.62.dr, StaticIC.exe.62.dr, DRVUpdate.exe1.62.dr, DRVUpdate.exe0.62.dr String found in binary or memory: http://s.symcd.com06
Source: SCSIUpdate.exe.62.dr, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: SCSIUpdate.exe.62.dr, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi String found in binary or memory: http://s2.symcb.com0
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7A28000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Dell.Asimov.ServiceShell.Core
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Dell.Asimov.ServiceShell.Corex
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Dell.Asimov.Storage
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53680000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53AB0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53A86000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53C8E000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53C1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Dell.Asimov.Update
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Dell.Asimov.UpdateZ
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7A28000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Dell.Asimov.WindowsManagement
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Serialize.Linq.Nodes
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Serialize.Linq.NodesH
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/System
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/System.IO
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/System.Linq.Expressions
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53680000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53AB0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53A86000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53C8E000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53C1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModel
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/System.Xml
Source: StaticIC.exe.62.dr String found in binary or memory: http://schemas.dell.com/openmanage/cm/2009/1/1/staticinventory.xsd
Source: DismHost.exe, 00000036.00000002.1720338328.000001A279A9E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.microsoft
Source: DismHost.exe, 00000036.00000003.1658367099.000001A279CF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.microsoft.c
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB79A0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB79A0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB79A0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB79A0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/rol
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB79A0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: svchost.exe, 00000004.00000002.1367139186.000001F1C0481000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
Source: svchost.exe, 00000004.00000003.1366351770.000001F1C0467000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
Source: svchost.exe, 00000004.00000003.1366220951.000001F1C0486000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/REST/v1/Transit/Stops/
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
Source: svchost.exe, 00000004.00000002.1367002000.000001F1C043F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366368706.000001F1C0462000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366516827.000001F1C045A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366351770.000001F1C0467000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
Source: svchost.exe, 00000004.00000002.1367002000.000001F1C043F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1367082424.000001F1C0465000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366368706.000001F1C0462000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
Source: svchost.exe, 00000004.00000003.1366550157.000001F1C0441000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1367017153.000001F1C0444000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
Source: svchost.exe, 00000004.00000003.1366368706.000001F1C0462000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
Source: svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C3B4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://downloads.dell.com/
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53680000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://downloads.dell.com/catalog/2
Source: Service.log.50.dr String found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cab
Source: svchost.exe, 00000002.00000002.2461270036.000002825C100000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cab312
Source: svchost.exe, 00000002.00000002.2462330694.000002825C540000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2471779399.0000028261220000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2185094103.0000028260C55000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cab3C:
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C350000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cabN
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C350000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cabe
Source: svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cabm/
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cabocLMEMp
Source: svchost.exe, 00000002.00000002.2466616382.0000028260E79000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cabp
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmp String found in binary or memory: https://downloads.dell.com/catalog/DriverPackCatalog.CAB
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmp String found in binary or memory: https://downloads.dell.com/catalog/DriverPackCatalog.CAB1Cannot
Source: svchost.exe, 00000002.00000002.2467383721.0000028260EA5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://downloads.dell.com:443/catalog/CatalogIndexPC.cablog/CatalogIndexPC.cabVolume
Source: svchost.exe, 00000004.00000003.1366533850.000001F1C0449000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
Source: svchost.exe, 00000004.00000002.1367017153.000001F1C0444000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000004.00000003.1366368706.000001F1C0462000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000004.00000003.1366423405.000001F1C045F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366550157.000001F1C0441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r=
Source: svchost.exe, 00000004.00000002.1367139186.000001F1C0481000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dynamic.t
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366351770.000001F1C0467000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000002.00000003.1202943646.0000028260CC3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/Prod-C:
Source: svchost.exe, 00000002.00000003.1202943646.0000028260CB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/ProdV2-C:
Source: DismHost.exe, 00000036.00000003.1700313847.000001A279FB4000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1695283467.000001A279BEC000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1685119986.000001A27A4A3000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1696116252.000001A279FAB000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1680525296.000001A27A4A3000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1679450558.000001A27A4A2000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1691948065.000001A279ED5000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1680988314.000001A27A3E8000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000002.1723935671.000001A279E40000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000002.1724381865.000001A279EFB000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1702361908.000001A279E08000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1675318300.000001A279B42000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1700841640.000001A279EF6000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1706343758.000001A279F14000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1672461592.000001A27A478000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1680089697.000001A27A4BA000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1709231602.000001A279FCD000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1690660113.000001A279F00000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000002.1724656503.000001A279FB3000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1697671423.000001A279F14000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1704740036.000001A279EFA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://microsoft.sharepoint.com/teams/appxmanifest/SitePages/Home.aspx
Source: 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi String found in binary or memory: https://opensource.dell.com/
Source: DismHost.exe, 00000036.00000003.1696721909.000001A279DE1000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1678004006.000001A27A3CB000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1682560908.000001A27A3E8000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1704740036.000001A279EF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://osgwiki.com/wiki/Manifest_Request
Source: MSI2fadb.LOG.12.dr String found in binary or memory: https://support.dell.com
Source: log4net.dll.12.dr String found in binary or memory: https://svn.apache.org/repos/asf/logging/log4net/tags/2.0.8RC1
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virt
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtu
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.8?C
Source: svchost.exe, 00000004.00000003.1366550157.000001F1C0441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
Source: svchost.exe, 00000004.00000003.1366533850.000001F1C0449000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366550157.000001F1C0441000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1367067080.000001F1C0459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366533850.000001F1C0449000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000004.00000003.1366467857.000001F1C045D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
Source: svchost.exe, 00000004.00000002.1367067080.000001F1C0459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north=
Source: ServiceShell.exe, 00000032.00000002.1785970883.0000028ED0CE2000.00000002.00000001.01000000.0000002A.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516704711.000002AF6BF42000.00000002.00000001.01000000.00000043.sdmp String found in binary or memory: https://tm-sdk.platinumai.net
Source: MSI2fadb.LOG.12.dr String found in binary or memory: https://www.dell.com
Source: readme.txt.12.dr String found in binary or memory: https://www.dell.com/contactus
Source: 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi String found in binary or memory: https://www.dell.com/servicecontracts/global
Source: readme.txt.12.dr String found in binary or memory: https://www.dell.com/support
Source: svchost.exe, 00000002.00000002.2466058940.0000028260E5D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2466616382.0000028260E79000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.dell.com/support/onlineapi/nellogger/log
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C47A000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C584000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4A6000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, BITEE8F.tmp.2.dr String found in binary or memory: https://www.entrust.net/rpa0
Source: Newtonsoft.Json.dll.12.dr String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe File created: C:\Users\user\AppData\Local\Temp\APPX.6dty55tqcko6vfohyya_ri47e.tmp
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe File created: C:\Users\user\AppData\Local\Temp\APPX.t8mqwtu5j5pg8c5nai0t49rcf.tmp
Source: ISBEW64.exe Process created: 61
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\532a58.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{5669AB71-1302-4412-8DA1-CB69CD7B7324}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2E4F.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2ECD.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{5669AB71-1302-4412-8DA1-CB69CD7B7324}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{5669AB71-1302-4412-8DA1-CB69CD7B7324}\ARPPRODUCTICON.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5A14.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\532a5a.msi
Source: C:\Windows\System32\dllhost.exe File created: C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{2EF74E71-39CF-4E5B-A8B9-6E1C57F9D94F}.crmlog
Source: C:\Windows\Temp\inv5098_tmp_1\invcol.exe File created: C:\Windows\invcol.tmp
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI2ECD.tmp
Source: MSIFDEB.tmp.11.dr Static PE information: Resource name: PUBLICKEY type: b.out overlay separate pure segmented executable V2.3 186 286 286 386 Large Text Large Data Huge Objects Enabled
Source: MSI166.tmp.11.dr Static PE information: Resource name: PUBLICKEY type: b.out overlay separate pure segmented executable V2.3 186 286 286 386 Large Text Large Data Huge Objects Enabled
Source: ThunderboltRegModule.exe.62.dr Binary string: E\Device\PhysicalMemoryntdll.dllkernel32.dllNtOpenSectionNtCloseNtMapViewOfSectionNtUnmapViewOfSectionRtlInitUnicodeStringZwSystemDebugControlEnumSystemFirmwareTablesGetSystemFirmwareTable\device\physicalmemoryHandle to physical memory was not set or could not be opened.Error accessing buffer.Error mapping physical memory.Error unmapping physical memory.Could not use Debug Sysctl to read physical memory.Could not locate a table which can be used.Failed to allocate memory for Firmware table.GetSystemFirmwareTable returned 0 for table length.EnumSystemFirmwareTables returned 0 for table size.Could not load ntdll functions!SeDebugPrivilegewriting to physical memory is not implemented on Windows yet.dfG
Source: ThunderboltRegModule.exe.62.dr Binary string: \Device\PhysicalMemory
Source: DmiProvider.dll.53.dr Binary string: WdsCopyFileEx: Failed to copy [%s] to [%s], GLE = 0x%x; will retry in %u msWdsCopyFileEx: Failed to strip file attributes for %s, will delete. GLE = 0x%xWdsCopyFileEx: Failed to delete %s. GLE = 0x%xkernel32.dllFindFirstFileNameWFindNextFileNameWDeleteFileEx: Spoofing detected deleting [%s] -> [%s]\\?\Volume{DeleteFileEx: Unable to allocate hardlink path bufferDeleteFileEx: Unable to remove [%s]; GLE = 0x%xDeleteFileEx: hardlink given to us is: %sDeleteFileEx: Trying to set back attributes on: %sDeleteFileEx: Unable to restore attributes on [%s]; GLE = 0x%xDeleteFileEx: Unable to clear out attributes on [%s]; GLE = 0x%xDeleteFileEx: Unable to get information on [%s]; GLE = 0x%xDeleteFileEx: Unable to delete [%s]; GLE = 0x%xDeleteFileEx: Unable to open [%s]; GLE = 0x%xWdsRemoveDirectory: Unable to clear attributes on [%s]; GLE = 0x%xWdsRemoveDirectory: Unable to remove directory [%s]; GLE = 0x%xWdsRemoveDirectory: Unable to prepare path [%s]; GLE = 0x%xEnumeratePathEx: Unable to get reparse tag for persistent reparse point; GLE = 0x%x*...EnumeratePathEx: Unable to enumerate [%s]; GLE = 0x%xEnumeratePathEx: Callback requested enumeration interruption or hit internal enumeration failure on [%s]; GLE = 0x%xEnumeratePathEx: Unable to construct path under [%s]; GLE = 0x%xEnumeratePathEx: FindFirstFile failed for [%s]; GLE = 0x%xEnumeratePathEx: Failed search path is >= MAX_PATH!CopyDirectoryDirCallback: The copy was canceled by the user.CopyDirectoryFileCallback: The copy was canceled by the user.user32.dllSendMessageWmovecopyCopyDirectoryFileCallback: Unable to %s file from [%s] to [%s]; GLE = 0x%xCopyDirectoryEx2: Specified directory [%s] doesn't existCopyDirectoryEx2: Failed to copy [%s] to [%s], GLE = 0x%x; will retry in %u ms; am on try %u.\\?\UNCCreatePath: Unable to create [%s]; GLE = 0x%xCreatePath: Unable to create parent directory for [%s]; GLE = 0x%x\\?\GLOBALROOT\Device\\{bf1a281b-ad7b-4476-ac95-f47682990ce7}..{}..
Source: OfflineSetupProvider.dll.53.dr Binary string: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-WIN-%s\%s\Device\KsecDD0123456789ABCDEFGHIJKLMNOPQRSTUVMUI%s\%s\%s.mui%s\%s.mui.\%s\%s.mui.\%s.muiMUI\%04hx
Source: icsvc32.dll.62.dr Binary string: \Device\PhysicalMemoryntdll.dllkernel32.dllNtOpenSectionNtCloseNtMapViewOfSectionNtUnmapViewOfSectionRtlInitUnicodeStringZwSystemDebugControlEnumSystemFirmwareTablesGetSystemFirmwareTable\device\physicalmemoryHandle to physical memory was not set or could not be opened.Error accessing buffer.Error mapping physical memory.Error unmapping physical memory.Could not use Debug Sysctl to read physical memory.Could not locate a table which can be used.Failed to allocate memory for Firmware table.GetSystemFirmwareTable returned 0 for table length.EnumSystemFirmwareTables returned 0 for table size.Could not load ntdll functions!SeDebugPrivilegewriting to physical memory is not implemented on Windows yet.
Source: classification engine Classification label: mal60.evad.winZIP@107/1001@4/1
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\C__ProgramData_Dell_UpdateService_Log_Service.log
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\3C0983922B7A37F32E4DADF6C3705488
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\51DC44F7D66E991AFDEE94749C67F5B1
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:6212:120:WilError_03
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\6103E6FEA6513F7D8641496DF3C42447
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\63D3958AD4137B17EEA6FDDC9E63D2FF
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\9BAB89858416B94B57169E6F44E791DC
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\01EA8B2198FD50AAE6B5CEA9721955F5
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\A7E5FF56E202B41EAAC42B17A256D73C
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\C__ProgramData_Dell_UpdateService_Clients_CommandUpdate_Scheduler.dat
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\27CD7570C4C0E5DBC7983D2A71155F5E
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\1F9CF2888AAC14E30813E527230DBB05
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\CD63157A1FBFE56BD8E5632E9DE511B0
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\07F5ABE778811D938251CC7B2F4E1130
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\08A40336CB4486523758172D07374B6E
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\E5573EA3076405C89A19BF7E0B09A395
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\4E36918A3031C928AE18B751103E44B0
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\28C755528B74E002DD8710E57794A689
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\WdsSetupLogInit
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\56CBA0F550C102E4764BA8DAE2218ECA
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\8659A036D365487B59B7B48E26D661D1
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\TIMER:C__ProgramData_Dell_UpdateService_Clients_CommandUpdate_Scheduler.dat
Source: C:\Windows\Temp\inv5098_tmp_1\invcol.exe Mutant created: NULL
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\C__ProgramData_Dell_UpdateService_Log_Activity.log
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:6668:120:WilError_03
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\CD519571451D12B765701B9BE164F1B3
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\7837B0190866F359D0E29347FB941532
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\F036C5A7E9DF3D703CDA4DE7A6B7A18B
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\DC6899D66958FD8C26C1022E00DD6773
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\D1A1B428E0C83DF495CE498FA6EB0704
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:304:120:WilError_03
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\93A2A6F52B8C2F043E8A7EEFCD649BB6
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4092:120:WilError_03
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Mutant created: \BaseNamedObjects\Global\EBDB0655BF853ED705269172962984F6
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:2356:120:WilError_03
Source: C:\Windows\System32\svchost.exe File created: C:\ProgramData\Dell\UpdateService\Temp\BIT908F.tmp
Source: C:\Windows\System32\msiexec.exe File read: C:\Windows\win.ini
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknown Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F73FC5BE388AC90391F7C233BAB74653 C
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{607A0846-7FAA-484B-BAE7-495122EFB1D7}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BD98A506-F1A0-4A2A-94F9-1230E3DC00D0}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CA5762C4-33FC-4D8D-9D4F-E8335D2893E9}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{69BB69E2-CA60-448A-B3E2-C8DB9863E765}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F036FD47-334C-47B8-A3E5-01A14999B665}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B0CAD4F4-7A0D-4ED7-B980-E015B12ECC39}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6D39ED87-D5E3-4531-AD77-9BBEDC82DCAB}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CD0E6580-BEFA-4156-A6B9-224AE1C144D4}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{76D3BE47-3108-4355-987E-96FD21AAE7DE}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{21D9055D-1632-4E84-9D59-F0731B49FF8E}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{76179EBE-6058-4117-967C-80856ABD982F}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B07184C-5113-4F64-92ED-9A263AB05DA7}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10209B81-218A-4EF3-8AF1-19A29A5986F9}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{996A2DD5-2A2C-48CE-AC11-9EA456FDC2E7}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EFD1604A-6248-4498-ADCE-3361829C7E1D}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CE560784-D3BB-44F4-9907-C10B218DCC17}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1B60702B-AD7B-47CC-B27B-DE367CA1D354}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{37BB446B-F9AF-4014-A93F-55A3E319780F}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2CF4727D-7605-4A5F-8B09-A18BFB920E8A}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3C13FFD2-7102-4879-9759-81B32AE3765D}
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E2F957FEC349BF7B483546BFBAD7298A
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{650B6CF9-4E93-4302-87AA-17533D8B885D}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C3CDC299-282E-4460-8D30-E1232142E995}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B66BE4B-B0C3-4DC1-97B8-6F778BA1D76E}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D661ED2D-688E-41CC-9DEC-612D0C81BA5D}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5820DB16-9391-42AA-BF17-584A7B99DCB5}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{313BCC91-5505-4E94-AED8-911B55BF87B7}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{55B683E6-2048-47C3-97F1-301495CEBE86}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{49C79C11-F027-44D7-A2B9-2E9D8A93B766}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A5B49D98-6548-4070-BA57-D5A2DDA91B2E}
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{01428B13-0DF2-4580-86F4-CAC7053EC6FA}
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 978A58EFDA084F66A555F22C9485C2C4 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" config DellClientManagementService start= delayed-auto
Source: C:\Windows\SysWOW64\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe"
Source: unknown Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Source: unknown Process created: C:\Windows\System32\msdtc.exe C:\Windows\System32\msdtc.exe
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 3D34A1BCEFEFC55E701097BF7FDC5FA7 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\dismhost.exe {FEA8E85D-CA55-4941-A607-6EF73554AE62}
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
Source: unknown Process created: C:\Windows\System32\rundll32.exe rundll32.exe AppXDeploymentExtensions.OneCore.dll,ShellRefresh
Source: unknown Process created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe"
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -progress
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -outc=C:\ProgramData\Dell\UpdateService\Temp\Inventory.xml
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Process created: C:\Windows\Temp\inv5098_tmp\invcol.exe C:\Windows\TEMP\inv5098_tmp\.\invcol.exe -bdir="C:\Windows\system32" "-progress"
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -progress
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Process created: C:\Windows\Temp\inv65D5_tmp\invcol.exe C:\Windows\TEMP\inv65D5_tmp\.\invcol.exe -bdir="C:\Windows\system32" "-progress"
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Process created: C:\Windows\Temp\inv5098_tmp_1\invcol.exe C:\Windows\TEMP\inv5098_tmp_1\.\invcol.exe -bdir="C:\Windows\system32" "-outc=C:\ProgramData\Dell\UpdateService\Temp\Inventory.xml"
Source: C:\Windows\System32\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C3CDC299-282E-4460-8D30-E1232142E995}
Source: C:\Windows\System32\svchost.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: bcd.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wer.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: appxdeploymentclient.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: storageusage.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: aphostservice.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: networkhelper.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: userdataplatformhelperutil.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: mccspal.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: syncutil.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: syncutil.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: vaultcli.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dmcfgutils.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dmcmnutils.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dmxmlhelputils.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: inproclogger.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: flightsettings.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: windows.networking.connectivity.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: npmproxy.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: msv1_0.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ntlmshared.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: cryptdll.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: synccontroller.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: pimstore.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: aphostclient.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: accountaccessor.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dsclient.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: systemeventsbrokerclient.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: userdatalanguageutil.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: mccsengineshared.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: cemapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: userdatatypehelperutil.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: phoneutil.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: execmodelproxy.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msihnd.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: dispex.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: riched32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: riched32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: riched32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: riched20.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: usp10.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msls31.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: vbscript.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: dispex.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: scrrun.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: appresolver.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: bcp47langs.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: slc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: mscoree.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: version.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: urlmon.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: cryptnet.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: mfcsubs.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: comsvcs.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: catsrvps.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: catsrvut.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: es.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: stclient.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: sxs.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: comsvcs.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: txflog.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: es.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: propsys.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: sxs.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: xolehlp.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: msdtcprx.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: mtxclu.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: ktmw32.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: clusapi.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: resutils.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: cscapi.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: netutils.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: catsrv.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: mfcsubs.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: catsrvps.dll
Source: C:\Windows\System32\msdtc.exe Section loaded: msdtctm.dll
Source: C:\Windows\System32\msdtc.exe Section loaded: msdtcprx.dll
Source: C:\Windows\System32\msdtc.exe Section loaded: msdtclog.dll
Source: C:\Windows\System32\msdtc.exe Section loaded: mtxclu.dll
Source: C:\Windows\System32\msdtc.exe Section loaded: winmm.dll
Source: C:\Windows\System32\msdtc.exe Section loaded: clusapi.dll
Source: C:\Windows\System32\msdtc.exe Section loaded: ktmw32.dll
Source: C:\Windows\System32\msdtc.exe Section loaded: resutils.dll
Source: C:\Windows\System32\msdtc.exe Section loaded: xolehlp.dll
Source: C:\Windows\System32\msdtc.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\msdtc.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\msdtc.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\msdtc.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\msdtc.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msdtc.exe Section loaded: comres.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
Source: C:\Windows\SysWOW64\msiexec.exe File written: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\IsConfig.ini
Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Windows\SysWOW64\RICHED32.DLL
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\readme.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\App.Core.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Configuration.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Configuration.RemoteStorage.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\FrameworkCore.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\GUI.Core.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Interop.COMAdmin.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Interop.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Logger.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Scheduler.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Serialize.Linq.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Configuration.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.ContinualService.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Core.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Notifications.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.ServiceModel.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Storage.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\System.Reactive.Core.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\System.Reactive.Interfaces.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Update.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\UpdateClient.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\UserSettings.Configuration.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\Verification.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\WindowsManagement.Classic.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\dcu-cli.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Dell\CommandUpdate\log4net.dll
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5669AB71-1302-4412-8DA1-CB69CD7B7324}
Source: at.zip Static file information: File size 14491122 > 1048576
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File opened: C:\Windows\TEMP\inv5098_tmp\msvcr100.dll
Source: Binary string: C:\CodeBases\isdev\Redist\Language Independent\i386\ISSetup.pdb source: 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi
Source: Binary string: DismCorePS.pdb source: DismHost.exe, 00000036.00000002.1728781104.00007FFF23044000.00000002.00000001.01000000.0000000C.sdmp, DismCorePS.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb8(R( D(_CorDllMainmscoree.dll source: ServiceShell.ContinualService.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Custom.Loader\obj\Release\Update.Custom.Loader.pdb source: ServiceShell.exe, 00000032.00000002.1782091857.0000028ED0522000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Principal\obj\Release\Update.Principal.pdb source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Configuration\Configuration.Classic\obj\Release\Configuration.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1756041385.0000028EB72C2000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1776868100.0000028ED01E2000.00000002.00000001.01000000.00000023.sdmp, Storage.Classic.dll1.12.dr
Source: Binary string: DISMProv.pdb source: DismHost.exe, 00000036.00000002.1728438193.00007FFF2301D000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdb source: Storage.Classic.dll.12.dr
Source: Binary string: C:\Projects\Crossword\prasanna_mishra_jigsaw_1.0\jigsaw\jigsaw_src\StaticIC\StaticIC\Release\StaticIC.pdb source: StaticIC.exe.62.dr
Source: Binary string: c:\prod_jenkins\workspace\Platinum-SDK-V1\dotnet\proj\Dell.Pla.P1.Common\obj\Release\Dell.Pla.P1.Common.pdbH_b_ T__CorDllMainmscoree.dll source: Dell.Pla.P1.Common.dll.12.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.Core\bin\Release\net45\System.Reactive.Core.pdb source: ServiceShell.exe, 00000032.00000002.1776516728.0000028ED01B2000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Transfer\Transfer\obj\Release\Transfer.pdbL source: ServiceShell.exe, 00000039.00000002.2539522546.000002AF6C762000.00000002.00000001.01000000.00000046.sdmp
Source: Binary string: dismhost.pdbGCTL source: DismHost.exe, 00000036.00000000.1652308247.00007FF7E884B000.00000002.00000001.01000000.0000000B.sdmp, DismHost.exe.53.dr
Source: Binary string: dismhost.pdb source: DismHost.exe, 00000036.00000000.1652308247.00007FF7E884B000.00000002.00000001.01000000.0000000B.sdmp, DismHost.exe.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\WindowsManagement.Principal\obj\Release\WindowsManagement.Principal.pdb source: ServiceShell.exe, 00000032.00000002.1777701885.0000028ED033A000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2514158477.000002AF6BCE2000.00000002.00000001.01000000.00000040.sdmp, WindowsManagement.Principal.dll.12.dr
Source: Binary string: AppxProvider.pdbGCTL source: DismHost.exe, 00000036.00000002.1727165204.00007FFF22F04000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\UpdateScheduler.Principal\obj\Release\UpdateScheduler.Principal.pdb source: ServiceShell.exe, 00000039.00000002.2516704711.000002AF6BF42000.00000002.00000001.01000000.00000043.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdbL-f- X-_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1776868100.0000028ED01E2000.00000002.00000001.01000000.00000023.sdmp, Storage.Classic.dll1.12.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.PlatformServices\bin\Release\net45\System.Reactive.PlatformServices.pdbxp source: System.Reactive.PlatformServices.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Core.Classic\obj\Release\ServiceShell.Core.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757240624.0000028EB7802000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: OfflineSetupProvider.pdbGCTL source: OfflineSetupProvider.dll.53.dr
Source: Binary string: vcruntime140.amd64.pdbGCTL source: InvColPC.exe, 0000003E.00000002.2337266370.0000000000EE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\asimov\Source\ServiceShell.Configuration\obj\Release\ServiceShell.Configuration.pdb source: ServiceShell.Configuration.dll.12.dr
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\crossword_ie\crossword_driverapp\DriverIE_src\winnt\nt32\Release\DRVUpdate.pdb source: DRVUpdate.exe1.62.dr, DRVUpdate.exe0.62.dr
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb\L source: ServiceShell.exe, 00000032.00000002.1774144820.0000028ED0022000.00000002.00000001.01000000.00000020.sdmp, log4net.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Proxy\obj\Release\ServiceShell.Proxy.pdb source: ServiceShell.exe, 00000032.00000002.1786172642.0000028ED0CF2000.00000002.00000001.01000000.0000002B.sdmp, ServiceShell.Proxy.dll.12.dr
Source: Binary string: DpInst.pdbH source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\crossword_ie\crossword_driverapp\DriverIE_src\winnt\nt32\Release\PNPUpdate.pdb source: PNPUpdate.exe.62.dr
Source: Binary string: c:\jenkins\jobs\DCU2.1\workspace\DCU\Source\Tools\Internal\DemoDpinst\obj\Release\dpinst.pdb source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: c:\CodeBases\isdev\Src\Runtime\MSI\CustomActions\ClrPSHelper\obj\x64\Release\ClrPSHelper.pdb source: 532a59.rbs.12.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Configuration\Configuration.RemoteStorage.Classic\obj\Release\Configuration.RemoteStorage.Classic.pdb source: ServiceShell.exe, 00000039.00000002.2513379047.000002AF6BC02000.00000002.00000001.01000000.0000003F.sdmp, Configuration.RemoteStorage.Classic.dll0.12.dr
Source: Binary string: bacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell\obj\Release\ServiceShell.pdb source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED0786000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: DmiProvider.pdb source: DmiProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ServiceModel.Classic\obj\Release\ServiceShell.ServiceModel.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757565087.0000028EB7852000.00000002.00000001.01000000.0000001A.sdmp, ServiceShell.ServiceModel.Classic.dll0.12.dr
Source: Binary string: DISMProv.pdbGCTL source: DismHost.exe, 00000036.00000002.1728438193.00007FFF2301D000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\ServiceShell.Logger\obj\Release\ServiceShell.Logger.pdb source: ServiceShell.exe, 00000032.00000002.1756309426.0000028EB72F2000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: ImagingProvider.pdb source: ImagingProvider.dll.53.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.PlatformServices\bin\Release\net45\System.Reactive.PlatformServices.pdb source: System.Reactive.PlatformServices.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Transfer\SharpBITS.Base\obj\Release\SharpBITS.Base.pdb source: ServiceShell.exe, 00000039.00000002.2539864659.000002AF6C772000.00000002.00000001.01000000.00000047.sdmp, SharpBITS.Base.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\UserSettings.Configuration.Classic\obj\Release\UserSettings.Configuration.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1756184608.0000028EB72E2000.00000002.00000001.01000000.00000015.sdmp, UserSettings.Configuration.Classic.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Custom\obj\Release\Update.Custom.pdb source: ServiceShell.exe, 00000032.00000002.1781970252.0000028ED0512000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\Thunderbolt_FW_Reg\Release\ThunderboltRegModule.pdb source: ThunderboltRegModule.exe.62.dr
Source: Binary string: FfuProvider.pdb source: FfuProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\UpdateClient\UpdateClient.Classic\obj\Release\UpdateClient.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1786266374.0000028ED0D02000.00000002.00000001.01000000.0000002C.sdmp, UpdateClient.Classic.dll.12.dr
Source: Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\ISBEW64\x64\Release\ISBEW64.pdb source: ISBEW64.exe, 0000000E.00000000.1373616080.00007FF61EDC7000.00000002.00000001.01000000.00000006.sdmp, ISBEW64.exe, 00000018.00000000.1383569184.00007FF629957000.00000002.00000001.01000000.00000007.sdmp, ISBEW64.exe, 00000025.00000000.1499833281.00007FF7C0077000.00000002.00000001.01000000.00000008.sdmp, ISBEW64.exe0.13.dr
Source: Binary string: DpInst.pdb source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell\obj\Release\ServiceShell.pdb source: ServiceShell.exe, 00000032.00000000.1528658920.0000028EB6E92000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\WindowsManagement.Classic\obj\Release\WindowsManagement.Classic.pdbT source: ServiceShell.exe, 00000039.00000002.2514903207.000002AF6BD12000.00000002.00000001.01000000.00000041.sdmp, WindowsManagement.Classic.dll0.12.dr
Source: Binary string: LogProvider.pdb source: DismHost.exe, 00000036.00000002.1727727691.00007FFF22FAB000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Execution\Execution\obj\Release\Execution.pdbt; source: ServiceShell.exe, 00000039.00000002.2540143577.000002AF6C782000.00000002.00000001.01000000.00000048.sdmp
Source: Binary string: ImagingProvider.pdbGCTL source: ImagingProvider.dll.53.dr
Source: Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\_IsRes2k\0009-English\Debug\_isres_0x0409.pdb source: _isres_0x0409.dll0.13.dr
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb source: ServiceShell.exe, 00000032.00000002.1774144820.0000028ED0022000.00000002.00000001.01000000.00000020.sdmp, log4net.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\UpdateClient\UpdateClient.Classic\obj\Release\UpdateClient.Classic.pdbhd source: ServiceShell.exe, 00000032.00000002.1786266374.0000028ED0D02000.00000002.00000001.01000000.0000002C.sdmp, UpdateClient.Classic.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\ServiceShell.Configuration\obj\Release\ServiceShell.Configuration.pdb source: ServiceShell.exe, 00000032.00000002.1755937437.0000028EB72B2000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: LogProvider.pdbGCTL source: DismHost.exe, 00000036.00000002.1727727691.00007FFF22FAB000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb8(R( D(_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1758584715.0000028EB7932000.00000002.00000001.01000000.0000001E.sdmp, ServiceShell.ContinualService.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Loader\obj\Release\ServiceShell.Loader.pdb source: ServiceShell.exe, 00000032.00000002.1757667211.0000028EB7872000.00000002.00000001.01000000.0000001B.sdmp, ServiceShell.Loader.dll.12.dr
Source: Binary string: C:\DSIA\crossword\crossword_ie\crossword_driverapp\DriverIE_src\winnt\nt32\Release\SCSIUpdate.pdb source: SCSIUpdate.exe.62.dr
Source: Binary string: AppxProvider.pdb source: DismHost.exe, 00000036.00000002.1727165204.00007FFF22F04000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb@! source: ServiceShell.exe, 00000032.00000002.1776975385.0000028ED01F2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\net45\Newtonsoft.Json.pdb source: Newtonsoft.Json.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Transfer\Transfer\obj\Release\Transfer.pdb source: ServiceShell.exe, 00000039.00000002.2539522546.000002AF6C762000.00000002.00000001.01000000.00000046.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb@! source: Update.Classic.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Storage.Principal\obj\Release\Storage.Principal.pdb source: ServiceShell.exe, 00000039.00000002.2515948801.000002AF6BE02000.00000002.00000001.01000000.00000042.sdmp
Source: Binary string: DmiProvider.pdbGCTL source: DmiProvider.dll.53.dr
Source: Binary string: msvcr100.i386.pdb source: invcol.exe, 00000041.00000002.2282658956.0000000073CE1000.00000020.00000001.01000000.00000031.sdmp
Source: Binary string: msvcp100.i386.pdb source: invcol.exe, 00000041.00000002.2281502645.000000006CD61000.00000020.00000001.01000000.00000033.sdmp, invcol.exe, 00000045.00000002.2328667240.000000006CC31000.00000020.00000001.01000000.0000003C.sdmp, msvcp100.dll.61.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\FrameworkCore\FrameworkCore.Classic\obj\Release\FrameworkCore.Classic.pdb\O source: ServiceShell.exe, 00000032.00000002.1757884351.0000028EB7892000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: OfflineSetupProvider.pdb source: OfflineSetupProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Logger\Logger.Classic\obj\Release\Logger.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1756981070.0000028EB7432000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ServiceModel.Classic\obj\Release\ServiceShell.ServiceModel.Classic.pdb8,R, D,_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1757565087.0000028EB7852000.00000002.00000001.01000000.0000001A.sdmp, ServiceShell.ServiceModel.Classic.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Telemetry\UpdateTelemetry.Proxy\obj\Release\UpdateTelemetry.Proxy.pdb source: ServiceShell.exe, 00000039.00000002.2517599079.000002AF6BFB2000.00000002.00000001.01000000.00000044.sdmp, UpdateTelemetry.Proxy.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Verification\Verification\obj\Release\Verification.pdb source: ServiceShell.exe, 00000032.00000002.1757767388.0000028EB7882000.00000002.00000001.01000000.0000001C.sdmp, Verification.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1776975385.0000028ED01F2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\WindowsManagement.Classic\obj\Release\WindowsManagement.Classic.pdb source: ServiceShell.exe, 00000039.00000002.2514903207.000002AF6BD12000.00000002.00000001.01000000.00000041.sdmp, WindowsManagement.Classic.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb source: ServiceShell.ContinualService.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdbL-f- X-_CorDllMainmscoree.dll source: Storage.Classic.dll.12.dr
Source: Binary string: c:\Dev\Esskar\Serialize.Linq\src\Serialize.Linq.Net45\obj\Release\Serialize.Linq.pdb source: ServiceShell.exe, 00000032.00000002.1777354098.0000028ED02C2000.00000002.00000001.01000000.00000026.sdmp, Serialize.Linq.dll0.12.dr
Source: Binary string: OSProvider.pdbGCTL source: DismHost.exe, 00000036.00000002.1728033479.00007FFF22FD6000.00000002.00000001.01000000.0000000E.sdmp, OSProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Execution\Execution\obj\Release\Execution.pdb source: ServiceShell.exe, 00000039.00000002.2540143577.000002AF6C782000.00000002.00000001.01000000.00000048.sdmp
Source: Binary string: vcruntime140.amd64.pdb source: InvColPC.exe, 0000003E.00000002.2337266370.0000000000EE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: FfuProvider.pdbGCTL source: FfuProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Scheduler\Scheduler\obj\Release\Scheduler.pdb source: ServiceShell.exe, 00000032.00000002.1785810546.0000028ED0C82000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb source: ServiceShell.exe, 00000032.00000002.1758584715.0000028EB7932000.00000002.00000001.01000000.0000001E.sdmp, ServiceShell.ContinualService.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Telemetry\UpdateTelemetry.Principal\obj\Release\UpdateTelemetry.Principal.pdb source: ServiceShell.exe, 00000032.00000002.1785970883.0000028ED0CE2000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Verification\Verification\obj\Release\Verification.pdbhK source: ServiceShell.exe, 00000032.00000002.1757767388.0000028EB7882000.00000002.00000001.01000000.0000001C.sdmp, Verification.dll.12.dr
Source: Binary string: DismCorePS.pdbGCTL source: DismHost.exe, 00000036.00000002.1728781104.00007FFF23044000.00000002.00000001.01000000.0000000C.sdmp, DismCorePS.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Interop\Interop.Classic\obj\Release\Interop.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757450729.0000028EB7832000.00000002.00000001.01000000.00000019.sdmp, Interop.Classic.dll0.12.dr
Source: Binary string: OSProvider.pdb source: DismHost.exe, 00000036.00000002.1728033479.00007FFF22FD6000.00000002.00000001.01000000.0000000E.sdmp, OSProvider.dll.53.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.Interfaces\bin\Release\net45\System.Reactive.Interfaces.pdb@4Z4 L4_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1777199207.0000028ED0292000.00000002.00000001.01000000.00000025.sdmp, System.Reactive.Interfaces.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\FrameworkCore\FrameworkCore.Classic\obj\Release\FrameworkCore.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757884351.0000028EB7892000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: DpInst.pdbp source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\ServiceShell.Logger\obj\Release\ServiceShell.Logger.pdbh> source: ServiceShell.exe, 00000032.00000002.1756309426.0000028EB72F2000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Notifications\obj\Release\ServiceShell.Notifications.pdb source: ServiceShell.exe, 00000032.00000002.1776740754.0000028ED01D2000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\Thunderbolt_FW_Reg\Release\ThunderboltRegModule.pdb( source: ThunderboltRegModule.exe.62.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Proxy\obj\Release\ServiceShell.Proxy.pdbD7^7 P7_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1786172642.0000028ED0CF2000.00000002.00000001.01000000.0000002B.sdmp, ServiceShell.Proxy.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb source: Update.Classic.dll0.12.dr
Source: Binary string: c:\prod_jenkins\workspace\Platinum-SDK-V1\dotnet\proj\Dell.Pla.P1.Common\obj\Release\Dell.Pla.P1.Common.pdb source: Dell.Pla.P1.Common.dll.12.dr
Source: Binary string: .pdbH source: ServiceShell.exe, 00000032.00000002.1783248118.0000028ED066D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.Interfaces\bin\Release\net45\System.Reactive.Interfaces.pdb source: ServiceShell.exe, 00000032.00000002.1777199207.0000028ED0292000.00000002.00000001.01000000.00000025.sdmp, System.Reactive.Interfaces.dll0.12.dr
Source: Binary string: indoC:\Windows\Scheduler.pdb source: ServiceShell.exe, 00000039.00000002.2453945924.000000C80B770000.00000004.00000010.00020000.00000000.sdmp
Source: MSIFDEB.tmp.11.dr Static PE information: section name: .orpc
Source: MSI166.tmp.11.dr Static PE information: section name: .orpc
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\Configuration.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismCore.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\Executables\DRVUpdate.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\OfflineSetupProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\UserSettings.Configuration.Classic.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\BIOS_Tool\G7ArTbtPower64.exe
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\SCSI_ODD\SCSIUpdate.exe
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\Executables\PNPUpdate.exe
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\icsvc32.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\Executables\SSDUpdate.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Dell.Pla.P1.Common.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Principal.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\Executables\DRVUpdate.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Logger.Classic.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\_isres_0x0409.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\vcruntime140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\System.Net.Http.Formatting.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISRT.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\FfuProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismCorePS.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\log4net.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\SmiProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\TransmogProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Quartz.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\IBSProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\ImagingProvider.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\AssocProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\SysprepProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\App.Core.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.Loader.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Serialize.Linq.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\invcol.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\AssocProvider.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5A14.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\WindowsManagement.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\ServiceShell.ServiceModel.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismProv.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISRT.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\FfuProvider.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv65D5_tmp\icsvc32.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\VhdProvider.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\FrameworkCore.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\Storage.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIFCFF.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\CbsProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\GenericProvider.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Loader.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\Update.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIFDEB.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\CbsProvider.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\msvcp140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\System.Reactive.Interfaces.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIFBC6.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Interfaces.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Logger.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\UnattendProvider.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\UserSettings.Configuration.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Scheduler.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\LogProvider.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Core.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Execution.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\UpdateClient.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SetupPlatformProvider.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\IntlProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Core.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Newtonsoft.Json.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ServiceModel.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ContinualService.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ThunderboltZeroInv.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\OSProvider.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp\icsvc32.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\IntelAMTInv
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Principal.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\FolderProvider.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSID7E3.tmp
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\System.Reactive.Core.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Principal.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\Verification.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\ProvProvider.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{5669AB71-1302-4412-8DA1-CB69CD7B7324}\ARPPRODUCTICON.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DismProv.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\SharpBITS.Base.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\UnattendProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Verification.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Common.Logging.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Microsoft.ServiceBus.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp\dsupt32.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\Interop.COMAdmin.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\LogProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DmiProvider.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.PlatformServices.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\ProvProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\TransmogProvider.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\WimProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\UpdateClient.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SmiProvider.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Update.Classic.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\msvcp100.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv65D5_tmp\msvcr100.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\AppxProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\FolderProvider.dll.mui
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\msvcr100.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv65D5_tmp\msvcp100.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIBE3F.tmp
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\_isres_0x0409.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\SetupPlatformProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\Serialize.Linq.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Proxy.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp\invcol.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Service\UpdateScheduler.Principal.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DismCore.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\ServiceShell.ContinualService.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Interop.COMAdmin.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Core.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\AppxProvider.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Notifications.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp\msvcp100.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Notifications.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\FrameworkCore.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\MsiProvider.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp\msvcr100.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\OSINV\osinv.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI166.tmp
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv65D5_tmp\dsupt32.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Common.Logging.Core.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_PCI\DRVUpdate.exe
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\TB_Controller_new\DRVUpdate.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\IntlProvider.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\Configuration.RemoteStorage.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\Logger.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\log4net.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Interop.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Configuration.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\Interop.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2ECD.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Configuration.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\VhdProvider.dll.mui
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv65D5_tmp\invcol.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Principal.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Configuration.RemoteStorage.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\Executables\USBUpdate.exe
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ThunderboltRegModule.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Dell.Pla.P1.MessageClient.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Configuration.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISRT.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\ImagingProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Windows.Threading.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Transfer.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\GUI.Core.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\GenericProvider.dll.mui
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\Executables\AppUpdate.exe
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\StaticIC\StaticIC.exe
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\SalomonDock\SalomonDock.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Proxy.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Linq.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\dcu-cli.exe
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\dsupt32.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DmiProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\Storage.Classic.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\OSProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\OfflineSetupProvider.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\_isres_0x0409.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SysprepProvider.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\libsmbios\smbiosinfo.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\IBSProvider.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\TBT_Dock_Firmware\GetDockVer32W.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\Scheduler.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\MsiProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\WimProvider.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ThunderboltZeroInv.exe Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp\icsvc32.dll Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\IntelAMTInv Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\invcol.exe Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp\msvcp100.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5A14.tmp Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp\msvcr100.dll Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\OSINV\osinv.exe Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\libsmbios\smbiosinfo.exe Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv65D5_tmp\dsupt32.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{5669AB71-1302-4412-8DA1-CB69CD7B7324}\ARPPRODUCTICON.exe Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_PCI\DRVUpdate.exe Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\TBT_Dock_Firmware\GetDockVer32W.exe Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv65D5_tmp\icsvc32.dll Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\TB_Controller_new\DRVUpdate.exe Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp\dsupt32.dll Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File created: C:\Windows\Temp\inv5098_tmp_1\IntelAMTInv Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Dell\CommandUpdate\readme.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Dell\UpdateService\ThirdPartyLicenses.txt Jump to behavior
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" config DellClientManagementService start= delayed-auto

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\msiexec.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Registry key monitored for changes: HKEY_USERS\.DEFAULT\Software\Classes
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\msiexec.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Service where Name = 'DellClientManagementService'
Source: C:\Windows\SysWOW64\msiexec.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Service.Name="DellClientManagementService"::StopService
Source: C:\Windows\SysWOW64\msiexec.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Service where Name = 'DellClientManagementService'
Source: C:\Windows\Temp\inv5098_tmp_1\invcol.exe System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Section loaded: OutputDebugStringW count: 218
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Memory allocated: 28EB70C0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Memory allocated: 28ECF960000 memory reserve | memory write watch
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Memory allocated: 2AF52A50000 memory reserve | memory write watch
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Memory allocated: 2AF6B1A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File opened / queried: C:\Windows\TEMP\inv5098_tmp_1\VMWare\PIEConfig.xml
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File opened / queried: C:\Windows\TEMP\inv5098_tmp_1\VMWare
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File opened / queried: C:\Windows\TEMP\inv5098_tmp_1\VMWare\DrvCfg64.ini
Source: C:\Windows\System32\svchost.exe File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File opened / queried: C:\Windows\TEMP\inv5098_tmp_1\VMWare\DrvCfg32.ini
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe File opened / queried: C:\Windows\TEMP\inv5098_tmp_1\VMWare\PIEInfo.txt
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\msiexec.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Window / User API: threadDelayed 7144
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Window / User API: threadDelayed 2653
Source: C:\Windows\System32\dllhost.exe Window / User API: threadDelayed 1787
Source: C:\Windows\System32\msdtc.exe Window / User API: threadDelayed 2000
Source: C:\Windows\System32\msdtc.exe Window / User API: threadDelayed 7960
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Window / User API: threadDelayed 6788
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Window / User API: threadDelayed 2593
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Configuration.Classic.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\Executables\DRVUpdate.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\OfflineSetupProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\UserSettings.Configuration.Classic.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\BIOS_Tool\G7ArTbtPower64.exe
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\SCSI_ODD\SCSIUpdate.exe
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Executables\PNPUpdate.exe
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Executables\SSDUpdate.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Dell.Pla.P1.Common.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Principal.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Executables\DRVUpdate.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Logger.Classic.dll
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\_isres_0x0409.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\vcruntime140.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\System.Net.Http.Formatting.dll
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISRT.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\FfuProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismCorePS.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\log4net.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\TransmogProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\SmiProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Quartz.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\ImagingProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\IBSProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\SysprepProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\AssocProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\App.Core.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.Loader.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Serialize.Linq.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\AssocProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\WindowsManagement.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5A14.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\ServiceShell.ServiceModel.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismProv.dll
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISRT.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\FfuProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\VhdProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\FrameworkCore.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Storage.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\CbsProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIFCFF.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\GenericProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Loader.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Update.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIFDEB.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\CbsProvider.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\msvcp140.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIFBC6.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\UnattendProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Logger.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\UserSettings.Configuration.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Scheduler.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\LogProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\ServiceShell.Core.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Execution.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\UpdateClient.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SetupPlatformProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\IntlProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Core.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ServiceModel.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Newtonsoft.Json.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ThunderboltZeroInv.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ContinualService.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\IntelAMTInv
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\OSProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Principal.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\FolderProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSID7E3.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\System.Reactive.Core.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Principal.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Verification.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\ProvProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{5669AB71-1302-4412-8DA1-CB69CD7B7324}\ARPPRODUCTICON.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DismProv.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\SharpBITS.Base.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\UnattendProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Common.Logging.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Verification.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Microsoft.ServiceBus.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Interop.COMAdmin.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\LogProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DmiProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\ProvProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\TransmogProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\WimProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\UpdateClient.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SmiProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Update.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\AppxProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\FolderProvider.dll.mui
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\_isres_0x0409.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIBE3F.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\SetupPlatformProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Serialize.Linq.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Proxy.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Service\UpdateScheduler.Principal.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\ServiceShell.ContinualService.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Core.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Interop.COMAdmin.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\AppxProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Notifications.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\ServiceShell.Notifications.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\MsiProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\FrameworkCore.Classic.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\OSINV\osinv.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI166.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Common.Logging.Core.dll
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_PCI\DRVUpdate.exe
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\TB_Controller_new\DRVUpdate.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\IntlProvider.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Configuration.RemoteStorage.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Logger.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\log4net.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Interop.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Configuration.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2ECD.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Interop.Classic.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\ServiceShell.Configuration.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\VhdProvider.dll.mui
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Principal.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Configuration.RemoteStorage.Classic.dll Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Executables\USBUpdate.exe Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ThunderboltRegModule.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Dell.Pla.P1.MessageClient.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Configuration.dll Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISRT.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\ImagingProvider.dll.mui Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Windows.Threading.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Transfer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\GUI.Core.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\GenericProvider.dll.mui Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Executables\AppUpdate.exe Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\SalomonDock\SalomonDock.exe Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\StaticIC\StaticIC.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Proxy.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\dcu-cli.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Linq.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DmiProvider.dll.mui Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\OSProvider.dll.mui Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Storage.Classic.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\OfflineSetupProvider.dll Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\_isres_0x0409.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SysprepProvider.dll Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\libsmbios\smbiosinfo.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\IBSProvider.dll Jump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Dropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\TBT_Dock_Firmware\GetDockVer32W.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Scheduler.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\MsiProvider.dll.mui Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\WimProvider.dll Jump to dropped file
Source: C:\Windows\System32\svchost.exe TID: 7060 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 3312 Thread sleep count: 7144 > 30
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 3312 Thread sleep count: 2653 > 30
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 2012 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\dllhost.exe TID: 1092 Thread sleep count: 1787 > 30
Source: C:\Windows\System32\dllhost.exe TID: 1092 Thread sleep time: -178700s >= -30000s
Source: C:\Windows\System32\msdtc.exe TID: 1108 Thread sleep count: 2000 > 30
Source: C:\Windows\System32\msdtc.exe TID: 1108 Thread sleep time: -200000s >= -30000s
Source: C:\Windows\System32\msdtc.exe TID: 1108 Thread sleep count: 7960 > 30
Source: C:\Windows\System32\msdtc.exe TID: 1108 Thread sleep time: -796000s >= -30000s
Source: C:\Windows\System32\msiexec.exe TID: 2128 Thread sleep count: 1618 > 30
Source: C:\Windows\System32\msiexec.exe TID: 2128 Thread sleep count: 8251 > 30
Source: C:\Windows\System32\msiexec.exe TID: 2188 Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 2932 Thread sleep count: 114 > 30
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 2932 Thread sleep count: 6788 > 30
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 812 Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 3496 Thread sleep count: 233 > 30
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 3496 Thread sleep count: 86 > 30
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 3496 Thread sleep count: 33 > 30
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 812 Thread sleep count: 2593 > 30
Source: C:\Windows\Temp\inv5098_tmp\invcol.exe TID: 4196 Thread sleep count: 100 > 30
Source: C:\Windows\Temp\inv65D5_tmp\invcol.exe TID: 2664 Thread sleep count: 100 > 30
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
Source: C:\Windows\SysWOW64\msiexec.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\Windows\System32 FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\msiexec.exe Thread delayed: delay time: 922337203685477
Source: InvColPC.exe, 0000003E.00000002.2335749457.00000000005B8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\C:\Windows\TEMP\inv5098_tmp_1\VMWarel
Source: InvColPC.exe, 0000003E.00000002.2335749457.00000000005B8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\C:\Windows\TEMP\inv5098_tmp_1\VMWaregy
Source: svchost.exe, 00000006.00000002.2452877451.0000029ED6265000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: svchost.exe, 00000006.00000002.2452877451.0000029ED6280000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: InvColPC.exe, 0000003E.00000002.2335749457.00000000005B8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMWarer
Source: ISRT.dll.13.dr Binary or memory string: _GetVirtualMachineType
Source: svchost.exe, 00000002.00000002.2456942545.000002825B82B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0
Source: invcol.exe, 00000045.00000003.2308430146.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMWare.xml9z,
Source: invcol.exe, 00000045.00000003.2308430146.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMWare.xml
Source: ISRT.dll.13.dr Binary or memory string: AddIconCallDLLFnComponentViewCreateWindowComponentViewDestroyComponentViewRefreshComponentViewSelectAllComponentViewSetInfoComponentViewSetInfoExCreateFolderDeleteFolderDeleteIconEnableHourGlassEnumFoldersItemsGetCPUTypeGetFontSubGetHandleGetPortsGetSelectedItemStateIsEmptyIsNTAdminIsOSTypeNTIsObjectIsPowerUserLangLoadStringMessageBeepPPathCompactPathPixelPathCrackUrlPathGetDirPathGetDrivePathGetFilePathGetFileExtPathGetFileNamePathGetLongFromShortPathGetPathPathIsValidSyntaxQueryIconReadArrayPropertyReadBoolPropertyReadNumberPropertyReplaceIconShowFolderTextSubSubstituteVerGetFileVersionWriteArrayPropertyWriteBoolPropertyWriteNumberPropertyWriteStringProperty_AppSearch_BrowseForFolder_CCPSearch_CHARArrayToWCHARArray_CalculateAndAddFileCost_CleanupInet_CloseFile_CmdGetHwndDlg_CmdGetMsg_CmdGetParam1_CmdGetParam2_CoGetObject_CompareDWORD_ComponentAddItem_ComponentCompareSizeRequired_ComponentError_ComponentErrorInfo_ComponentFileEnum_ComponentFileInfo_ComponentFilterLanguage_ComponentFilterOS_ComponentGetCost_ComponentGetCostEx_ComponentGetData_ComponentGetItemSize_ComponentGetTotalCost_ComponentGetTotalCostEx_ComponentInitialize_ComponentIsItemSelected_ComponentListItems_ComponentLoadTarget_ComponentMoveData_ComponentPatch_ComponentReinstall_ComponentRemoveAll_ComponentRemoveAllInLogOnly_ComponentSaveTarget_ComponentSelectItem_ComponentSelectNew_ComponentSetData_ComponentSetupTypeEnum_ComponentSetupTypeGetData_ComponentSetupTypeSet_ComponentTotalSize_ComponentTransferData_ComponentUpdate_ComponentValidate_ComponentViewCreate_ComponentViewQueryInfo_CopyBytes_CreateDir_CreateObject_CreateRegistrySet_CreateShellObjects_CtrlGetNotificationCode_CtrlGetParentWindowHelper_CtrlGetSubCommand_CtrlGetUrlForLinkClicked_CtrlSetHtmlContent_CtrlSetMLERichText_DIFxDriverPackageGetPath_DIFxDriverPackageInstall_DIFxDriverPackagePreinstall_DIFxDriverPackageUninstall_DefineDialog_DeleteCHARArray_DialogSetFont_DisableBranding_DisableStatus_
Divide_DoInstall_DoSprintf_DotNetCoCreateObject_DotNetUnloadAppDomain_EnableDialogCache_EnablePrevDialog_EnableSkins_EnableStatus_EnableWow64FsRedirection_EndDialog_ExistsDir_ExistsDisk_ExistsFile_ExitInstall_FeatureAddCost_FeatureAddUninstallCost_FeatureGetCost_FeatureInitialize_FeatureSpendCost_FeatureSpendUninstallCost_FileCopy_FloatingPointOperation_GenerateFileMD5SignatureHex_GetByte_GetCurrentDialogName_GetDiskInfo_GetDiskSpaceEx_GetDiskSpaceExEx_GetFont_GetGlobalFlags_GetGlobalMemorySize_GetInetFileSize_GetInetFileTime_GetLine_GetLineSize_GetObject_GetObjectByIndex_GetObjectCount_GetProcessorInfo_GetRunningChildProcess_GetRunningChildProcessEx_GetRunningChildProcessEx2_GetSelectedTreeComponent_GetStandardLangId_GetSupportDir_GetSystemDpi_GetTrueTypeFontFileInfo_GetVirtualMachineType_InetEndofTransfer_InetGetLastError_InetGetNextDisk_InitInstall_IsFontTypefaceNameAvailable_IsInAdminGroup_IsLangSupported_IsSkinLoaded_IsVirtualMachine_IsWindowsME_IsWow64_KillProcesses_ListAddItem_ListAddString_ListCount_ListCreate_ListCurrentIte
Source: ISRT.dll.13.dr Binary or memory string: _IsVirtualMachine
Source: svchost.exe, 00000002.00000002.2466058940.0000028260E5D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: svchost.exe, 00000006.00000002.2452877451.0000029ED6265000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: @SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: svchost.exe, 00000006.00000002.2448064633.0000029ED620B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc
Source: invcol.exe, 00000045.00000003.2310081768.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMWare
Source: svchost.exe, 00000006.00000002.2450456180.0000029ED622B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: *@\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: svchost.exe, 00000006.00000002.2454546625.0000029ED6302000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C47A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll(;K
Source: invcol.exe, 00000045.00000003.2308430146.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ..\Executables\AppUpdate.exe -i -cDir VMWare -o ..\VMWare.xml
Source: icconfig_user.xml.62.dr Binary or memory string: <InvComponent dir="VMWare" type="cli" priority="5" level="0" timeout="30" out="VMWare.xml">..\Executables\AppUpdate.exe -i -cDir VMWare -o ..\VMWare.xml</InvComponent>
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Windows\System32\svchost.exe Process queried: DebugPort
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process token adjusted: Debug
Source: C:\Windows\Temp\inv5098_tmp_1\invcol.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Memory allocated: page read and write | page guard
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" config DellClientManagementService start= delayed-auto
Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\dismhost.exe {FEA8E85D-CA55-4941-A607-6EF73554AE62}
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -progress
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Process created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -outc=C:\ProgramData\Dell\UpdateService\Temp\Inventory.xml
Source: 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi Binary or memory string: ?OPTYPE_PROGMAN_FIELDSWWW
Source: 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi Binary or memory string: ISLOG_VERSION_INFO..\..\..\Shared\LogServices2\LogDB.cppOPTYPE_PROGMANISLOGDB_USER_PROPERTIES
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C: VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Configuration.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Configuration.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\UserSettings.Configuration.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Logger.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Core.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\FrameworkCore.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\log4net.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ServiceModel.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Interop.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Loader.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Verification.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Core.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ContinualService.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Interop.COMAdmin.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Update.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Notifications.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Storage.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Configuration.RemoteStorage.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.Loader.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\UpdateScheduler.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Scheduler.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Proxy.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Proxy.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\UpdateClient.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Dism\Microsoft.Dism.PowerShell.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\Logs\DISM\dism.log VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\AppxProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismCorePS.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismProv.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DmiProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\AppxProvider.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DismCore.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DismProv.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DmiProvider.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\FfuProvider.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\FolderProvider.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\ImagingProvider.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\LogProvider.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\MsiProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\OfflineSetupProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\OSProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SmiProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SysprepProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\TransmogProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\UnattendProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\WimProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\appxStage-{47F959DA-A9A2-41C3-869C-B8431F518AC1}\DellInc.DellCommandUpdate_3.1.58.0_neutral_~_htrsf667h5kn2DCU.Centennial_3.1.58.0_x64.appx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\appxStage-{47F959DA-A9A2-41C3-869C-B8431F518AC1} VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Configuration.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Configuration.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\UserSettings.Configuration.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Logger.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Logger.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Core.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\FrameworkCore.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\log4net.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ServiceModel.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Interop.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Loader.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Verification.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Core.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ContinualService.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Interop.COMAdmin.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Update.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Notifications.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Storage.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Configuration.RemoteStorage.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Interfaces.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Serialize.Linq.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.Loader.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\UpdateScheduler.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\UpdateScheduler.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Scheduler.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Proxy.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Proxy.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\UpdateClient.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Transfer.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\SharpBITS.Base.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Queries volume information: C:\Program Files (x86)\Dell\UpdateService\Execution.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\System32\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Source: svchost.exe, 00000007.00000002.2455181175.000001FC21302000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Files%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 00000007.00000002.2455181175.000001FC21302000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431 Blob
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'